---
title: Rate Limiter
summary: >-
  Rate limiters add configurable origin request rate limiting to a service. This
  information is part of a limited availability release. For more information,
  see our <a
  href="https://docs.fastly.com/products/fastly-product-lifecycle#limited-availability">product
  and feature lifecycle</a> descriptions. To use this feature you must purchase
  a Professional or Premier Platform subscription for either <a
  href="https://docs.fastly.com/products/signal-sciences-cloud-waf">Signal
  Sciences Cloud WAF</a> or <a
  href="https://docs.fastly.com/products/signal-sciences-next-gen-waf">Signal
  Sciences Next-Gen WAF</a> and have a <a
  href="https://www.fastly.com/documentation/guides/account-info/billing/account-types/">paid
  account with a contract</a> for <a
  href="https://docs.fastly.com/products/fastlys-legacy-full-site-delivery-services">full-site
  delivery</a>.
url: https://www.fastly.com/documentation/reference/api/vcl-services/rate-limiter
---

Rate limiters add configurable origin request rate limiting to a service. This information is part of a limited availability release. For more information, see our <a href="https://docs.fastly.com/products/fastly-product-lifecycle#limited-availability">product and feature lifecycle</a> descriptions. To use this feature you must purchase a Professional or Premier Platform subscription for either <a href="https://docs.fastly.com/products/signal-sciences-cloud-waf">Signal Sciences Cloud WAF</a> or <a href="https://docs.fastly.com/products/signal-sciences-next-gen-waf">Signal Sciences Next-Gen WAF</a> and have a <a href="https://www.fastly.com/documentation/guides/account-info/billing/account-types/">paid account with a contract</a> for <a href="https://docs.fastly.com/products/fastlys-legacy-full-site-delivery-services">full-site delivery</a>.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `action` | string | The action to take when a rate limiter violation is detected. |
| `client_key` | array | Array of VCL variables used to generate a counter key to identify a client. Example variables include <code>req.http.Fastly-Client-IP</code>, <code>req.http.User-Agent</code>, or a custom header like <code>req.http.API-Key</code>. |
| `feature_revision` | integer | Revision number of the rate limiting feature implementation. Defaults to the most recent revision. |
| `http_methods` | array | Array of HTTP methods to apply rate limiting to. |
| `logger_type` | string | Name of the type of logging endpoint to be used when action is <code>log_only</code>. The logging endpoint type is used to determine the appropriate log format to use when emitting log entries. |
| `name` | string | A human readable name for the rate limiting rule. |
| `penalty_box_duration` | integer | Length of time in minutes that the rate limiter is in effect after the initial violation is detected. |
| `response` | object | Custom response to be sent when the rate limit is exceeded. Required if <code>action</code> is <code>response</code>. |
| `response_object_name` | string | Name of existing response object. Required if <code>action</code> is <code>response_object</code>. Note that the rate limiter response is only updated to reflect the response object content when saving the rate limiter configuration. |
| `rps_limit` | integer | Upper limit of requests per second allowed by the rate limiter. |
| `uri_dictionary_name` | string | The name of a Dictionary containing URIs as keys. If not defined or <code>null</code>, all origin URIs will be rate limited. |
| `window_size` | integer | Number of seconds during which the RPS limit must be exceeded in order to trigger a violation. |
| `created_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `deleted_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `id` | string | Alphanumeric string identifying the rate limiter. |
| `service_id` | string | Alphanumeric string identifying the service. (Read-only) |
| `updated_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `version` | integer | Integer identifying a service version. (Read-only) |

## API endpoints

### List rate limiters

**GET** `/service/{service_id}/version/{version_id}/rate-limiters`

List all rate limiters for a particular service and version.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `service_id` | string | path | Yes | Alphanumeric string identifying the service. |
| `version_id` | integer | path | Yes | Integer identifying a service version. |

### Create a rate limiter

**POST** `/service/{service_id}/version/{version_id}/rate-limiters`

Create a rate limiter for a particular service and version.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `service_id` | string | path | Yes | Alphanumeric string identifying the service. |
| `version_id` | integer | path | Yes | Integer identifying a service version. |

### Get a rate limiter

**GET** `/rate-limiters/{rate_limiter_id}`

Get a rate limiter by its ID.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rate_limiter_id` | string | path | Yes | Alphanumeric string identifying the rate limiter. |

### Update a rate limiter

**PUT** `/rate-limiters/{rate_limiter_id}`

Update a rate limiter by its ID.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rate_limiter_id` | string | path | Yes | Alphanumeric string identifying the rate limiter. |

### Delete a rate limiter

**DELETE** `/rate-limiters/{rate_limiter_id}`

Delete a rate limiter by its ID.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rate_limiter_id` | string | path | Yes | Alphanumeric string identifying the rate limiter. |