Rate Limiting Limiting access to your API helps to prevent abuse and ensure fair usage among all users.

Using the /api-keys/auth/ endpoint, we can test a key is valid.

curl --location --request POST 'https://api.theauthapi.com/api-keys/auth/[API-KEY]' \
--header 'x-api-key: [ACCESS-KEY]'

​
Good Result - 200

{
  "key": "live_cQkeqA79HV8*********",
  "name": "Name your key!",
  "customMetaData": {},
  "customAccountId": null,
  "customUserId": null,
  "env": "live",
  "createdAt": "2024-11-03T17:09:01.623Z",
  "updatedAt": "2024-11-03T17:09:01.623Z",
  "isActive": true,
  "expiresAt": "2024-11-04T17:16:00.000Z",
  "rateLimitConfigs": {
    "rateLimit": 10,
    "rateLimitTtl": 60
  },
  "creationContext": {}
}

​
Rate limit hit - 429

{
  "statusCode": 429,
  "message": "Too many requests"
}

​
Access denied - 404

The key has been revoked, or the malformed.

{
  "statusCode": 404,
  "message": "Invalid client key",
  "error": "Not Found"
}
Building a middlwareRate limiting