Tiered Rate Limits

Apply different rate limits based on user tiers such as free, pro, and enterprise plans.

Basic Tiered Limits

Use the key and limit options together to implement tiered rate limiting.

const tierLimits = {
  free: 100,
  pro: 1000,
  enterprise: 10000
};

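hitlimit({
  // Resolve the per-request limit from the user's plan.
  limit: (req) => {
    const tier = req.user?.tier || 'free';
    // Unknown tier names get the free limit instead of an undefined limit.
    return Object.hasOwn(tierLimits, tier) ? tierLimits[tier] : tierLimits.free;
  },
  window: '1h',
  // Authenticated users are counted per account, anonymous clients per IP.
  key: (req) => req.user?.id || req.ip
});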
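The tier lookup is only as trustworthy as the tier value on the request. The following added example (not part of the hitlimit documentation or code base) shows a lookup that falls back to the free plan for unknown or prototype-named tiers such as 'constructor', together with prefixed keys. The names resolveTier, resolveKey and createCounter, the fixed-window counter and the sample requests are constructed stand-ins so that it runs without the library.

```javascript
// Added example: hardened tier lookup. The counter below is a stand-in so the
// logic runs offline; it is not hitlimit's implementation.
const HOUR_MS = 60 * 60 * 1000;
const TIERS = new Map([
  ['free', { limit: 100, windowMs: HOUR_MS }],
  ['pro', { limit: 1000, windowMs: HOUR_MS }],
  ['enterprise', { limit: 10000, windowMs: HOUR_MS }]
]);

// Unknown, missing or non-string tiers fall back to the most restrictive plan.
// A Map has no inherited keys, so 'constructor' or '__proto__' never match.
function resolveTier(req) {
  const tier = req.user?.tier;
  return typeof tier === 'string' && TIERS.has(tier) ? tier : 'free';
}

// Prefix keys so a user id can never share a bucket with an IP address.
function resolveKey(req) {
  return req.user?.id != null ? `user:${req.user.id}` : `ip:${req.ip}`;
}

// Hypothetical fixed-window counter keyed by resolveKey().
function createCounter() {
  const buckets = new Map();
  return function check(req, now = Date.now()) {
    const { limit, windowMs } = TIERS.get(resolveTier(req));
    const key = resolveKey(req);
    let bucket = buckets.get(key);
    if (!bucket || now >= bucket.resetAt) {
      bucket = { count: 0, resetAt: now + windowMs };
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    const remaining = Math.max(0, limit - bucket.count);
    return { allowed: bucket.count <= limit, remaining, limit };
  };
}

// Constructed requests: one account claiming a bogus tier, one pro account.
function demo() {
  const check = createCounter();
  const bogus = { user: { id: 7, tier: 'constructor' }, ip: '203.0.113.5' };
  const pro = { user: { id: 8, tier: 'pro' }, ip: '203.0.113.5' };
  let last;
  for (let i = 0; i < 101; i++) last = check(bogus, 0);
  return { last, pro: check(pro, 0), afterReset: check(bogus, HOUR_MS) };
}
```

resolveTier and resolveKey have the same (req) shape as the limit and key callbacks shown above, so the same lookups can back those options.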

Different Windows per Tier

You can also vary the time window based on the user tier.

const tierConfig = {
  free: { limit: 100, window: '1h' },
  pro: { limit: 500, window: '1m' },
  enterprise: { limit: 5000, window: '1m' }
};

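// Build one limiter per tier at startup and reuse it, so the request handler
// does not construct a new limiter on every request.
const tierLimiters = {};
for (const [tier, config] of Object.entries(tierConfig)) {
  tierLimiters[tier] = hitlimit({
    limit: config.limit,
    window: config.window,
    key: (req) => `${tier}:${req.user?.id || req.ip}`
  });
}

app.use((req, res, next) => {
  const tier = req.user?.tier || 'free';
  // Unknown tier names are handled by the free limiter.
  const limiter = Object.hasOwn(tierLimiters, tier) ? tierLimiters[tier] : tierLimiters.free;
  limiter(req, res, next);
});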

Multiple Limiters

Apply separate rate limiters for different endpoints or user groups.

const freeLimiter = hitlimit({
  limit: 100,
  window: '1h'
});

const proLimiter = hitlimit({
  limit: 1000,
  window: '1h'
});

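// Pro users get the higher limit; every other request, including
// unauthenticated ones, goes through the free limiter.
app.use('/api', (req, res, next) => {
  if (req.user?.tier === 'pro') {
    return proLimiter(req, res, next);
  }
  return freeLimiter(req, res, next);
});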