High-performance rate limiting for .NET APIs. Supports token bucket, sliding window, fixed window, and concurrency limiting — with per-client and per-endpoint policies, pluggable storage for distributed state, and ASP.NET Core middleware integration.
- Token Bucket — Smooth rate limiting with configurable burst capacity and refill rate
- Sliding Window — Accurate request counting over rolling time windows
- Fixed Window — Simple time-sliced rate limiting with automatic reset
- Concurrency Limiter — Cap simultaneous in-flight requests per client or endpoint
- Per-Client Policies — Rate limit by IP, API key, user ID, or custom partition key
- Per-Endpoint Policies — Different limits for different routes via
[RateLimit]/[DisableRateLimiting] - Extensible Storage — In-memory by default; implement
IRateLimitStorefor Redis or other backends - Retry-After Headers — Automatic
Retry-AfterandX-RateLimit-*response headers - Middleware — Drop-in ASP.NET Core middleware with
services.AddRateLimiting()
dotnet add package JG.RateLimiterusing JG.RateLimiter;
using JG.RateLimiter.Policies;
builder.Services.AddRateLimiting(options =>
{
options.AddPolicy("api", new TokenBucketPolicy
{
PermitLimit = 100,
Window = TimeSpan.FromMinutes(1),
BurstLimit = 20,
PartitionBy = context => context.Connection.RemoteIpAddress?.ToString()
});
});
app.UseRouting();
app.UseRateLimiting();
app.MapControllers();- API Reference — Full API documentation and examples
Contributions are welcome! Please feel free to submit a Pull Request.
Licensed under the Apache License 2.0. See LICENSE for details.
Ready to get started? Install via NuGet and check out the API reference.