Day 5

APIThrottle

Intelligent rate limiting with behavioral scoring. Automatically detects and blocks bots while giving trusted users higher limits.

Interactive Demo

Simulate API traffic to see how the scoring engine adapts to block bots and suspicious behavior.

Test Pattern:

Client Reputation

Trust Score50/100
Status: normalRequests: 0 / 60 (10s window)

Current Decision

ALLOWSOFT LIMITBLOCK

Response Header:

X-Throttle-Status: allow
Response PreviewWaiting...
// Response will appear here...

Integration

PROXYhttps://apithrottle.workerscando.workers.dev/api/throttle

Wrap your API calls with the throttle proxy to get instant protection.

curl "https://apithrottle.workerscando.workers.dev/api/throttle?url=https://your-api.com/users" \ -H "X-API-Key: your-key"

How it works

Bot Fingerprinting

Analyzes IP, JA3 (TLS), and User-Agent to create a unique fingerprint for every client.

Behavioral Scoring

Assigns a trust score (0-100) based on request frequency patterns and regularity.

Adaptive Limits

Trusted users get higher limits (90 req/min), while bots get strict limits (18 req/min).

API Reference

GET/POST/api/throttle?url=...

Proxy your API request with intelligent rate limiting. All headers are forwarded to the target.

Response Headers:
X-Throttle-Status: allow | soft | block
X-Throttle-Score: 0-100 (client trust score)
X-Throttle-Classification: trusted | normal | suspicious | bot
X-Throttle-Remaining: requests remaining in window
GET/api/check

Check your current throttle status without making a proxied request. Useful for monitoring.

GET/api/stats

View rate limit configuration and global analytics (if enabled).

Deploy Your Own

Want to run this on your own Cloudflare account? Here's how to deploy your own API Throttle worker in minutes:

1

Clone the Worker

git clone https://github.com/workerscando/apithrottle
cd apithrottle
2

Create KV Namespace

npx wrangler kv:namespace create "THROTTLE_KV"

Copy the returned ID and paste it in wrangler.toml

3

Deploy to Cloudflare

npx wrangler deploy

Your worker will be live at https://apithrottle.YOUR-SUBDOMAIN.workers.dev

Use It!

Replace your direct API calls with the throttle proxy. Your APIs are now protected from spam, bots, and abuse—completely free on Cloudflare's edge network.

Default Rate Limits

90
req/min • Trusted
60
req/min • Normal
18
req/min • Bot/Suspicious

Customize these values in the LIMITS config in src/index.ts

Wanna contribute or learn? Here's the code

Support me on Twitter for daily updates

Wanna learn why it's the best solution? Read the docs