I found this in the recipes:
Rate limiting a route by current user (using Flask-Login):
@route("/test")
@login_required
@limiter.limit("1 per day", key_func = lambda : current_user.username)
def test_route():
return "42"
UPDATED: added simple example
Here is a simple Flask app implementing the recipe to give you better idea:
from flask import Flask, redirect
from flask_login import (
LoginManager,
UserMixin,
current_user,
login_required,
login_user,
logout_user
)
from flask_limiter import Limiter
app = Flask(__name__)
# flask-login
app.secret_key = 'super secret string'
login_manager = LoginManager()
login_manager.init_app(app)
# flask-limiter
limiter = Limiter(app)
# user class
class User(UserMixin):
def __init__(self, id):
self.id = id
self.username = id
# memory storage
users = [User('user')]
@login_manager.user_loader
def load_user(user_id):
return users[0]
@app.route('/')
def index():
return 'Hello, World!'
@app.route('/login')
def login():
if not current_user.is_authenticated:
login_user(users[0])
return redirect('/secured')
@app.route('/logout')
@login_required
def logout():
logout_user()
return redirect('/')
@app.route('/secured')
@login_required
@limiter.limit("2 per day", key_func = lambda : current_user.username)
def secured():
return f"Hello, {current_user.id}"
if __name__ == '__main__':
app.run()
Flask-Limiter
flask-limiter.readthedocs.io
Flask-Limiter {4.1.1}
Flask-Limiter adds rate limiting to Flask applications. By adding the extension to your flask application, you can configure various rate limits at different levels (e.g. application wide, per Blue...
PyPI
pypi.org › project › Flask-Limiter
Flask-Limiter · PyPI
Flask-Limiter adds rate limiting to Flask applications.
» pip install Flask-Limiter
python - How can I rate-limit my Flask application per user? - Stack Overflow
https://flask-limiter.readthedocs.io/en/stable/ I am looking at Flask-Limiter's documentations and I'm unable to find how to rate-limit per user, everything is globally. Example, Instead of setting... More on stackoverflow.com
How do I implement rate limiting?
You may store each API call in db, then in @before_request check how many requests were received in the last x seconds from this IP address or API key. If you don't want to store each request, just update stats, use 1 row for IP or key. More on reddit.com
8
7
June 14, 2025Rate Limiting
Every IPv4 is 4 bytes (32 bits) Which mean you can store 4,000,000 in one megabyte. In reality you would use a database such as redis so you can store them and not lose them when restarting your application. Read the docs to implement this. More on reddit.com
2
0
November 23, 2020Flask Rate Limiter does not seem compatible with Background Callbacks - any other options?
Hi, I have been using Flask Limiter in my Dash apps to limit the number of requests from one IP address in a given timeframe to stop malicious users or bots from overwhelming my site with requests. This seemed to work quite well by including the below lines in my Dash app: from flask_limiter ... More on community.plotly.com
0
0
July 28, 2023Videos
GitHub
github.com › alisaifee › flask-limiter › releases
Releases · alisaifee/flask-limiter
Rate Limiting extension for Flask . Contribute to alisaifee/flask-limiter development by creating an account on GitHub.
Author alisaifee
Reddit
reddit.com › r/flask › how do i implement rate limiting?
r/flask on Reddit: How do I implement rate limiting?
June 14, 2025 -
How do I implement rate limiting in my api? Would I have to use redis?
Top answer 1 of 5
6
You may store each API call in db, then in @before_request check how many requests were received in the last x seconds from this IP address or API key. If you don't want to store each request, just update stats, use 1 row for IP or key.
2 of 5
6
Thankfully, there’s a package for that. Flask Limiter can be used to throttle requests at specific endpoints or across the entire application.
Anaconda.org
anaconda.org › conda-forge › flask-limiter
flask-limiter - conda-forge | Anaconda.org
Install flask-limiter with Anaconda.org. Rate limiting for flask applications
SourceForge
sourceforge.net › projects › flask-limiter.mirror
Flask-Limiter download | SourceForge.net
Download Flask-Limiter for free. Rate Limiting extension for Flask. Flask-Limiter provides rate-limiting features to flask applications. It allows configuring various backends to persist the rate limits, which is provided by the limits library.
Medium
medium.com › @alfininfo › improve-flask-api-security-implement-rate-limiting-b82104032647
Improve Flask API Security: Implement Rate Limiting | by Alfin Fanther | Medium
December 31, 2024 - There are several ways to implement Rate Limiting in Flask, one of which is by using the Flask-Limiter extension.
Medium
medium.com › analytics-vidhya › how-to-rate-limit-routes-in-flask-61c6c791961b
How to Rate Limit Routes in Flask | by Marvin Davila | Analytics Vidhya | Medium
February 16, 2020 - In flask there is a extension called flask limiter. This extension allows you to limit the amount of request on a particular route. Each route can have different request limits or be exempt to have no limits.
LinkedIn
linkedin.com › all › engineering › web applications
What is Flask-Limiter and how can it be used to implement rate limiting in a RESTful API?
March 6, 2024 - Flask-Limiter is an extension for Flask that provides a simple and flexible way to define and enforce rate limits on your API endpoints. It integrates with various backends, such as Redis, Memcached, or in-memory storage, to keep track of the ...
Reddit
reddit.com › r/flask › rate limiting
r/flask on Reddit: Rate Limiting
November 23, 2020 -
Basically I have an flask end point which is open to all (no user login required). I want to limit the access to the endpoint (e.g. 5 request/day). I want to throw an 429 error once the limit has reached.
Ideally, I would like to implement the same logic what medium.com uses to limit free readings to 3 per month.
I have read about Flask-Limitter (https://flask-limiter.readthedocs.io/en/stable/). The question I am having is will it make my application slow by keeping track of ips in memory?
Does anyone have any better examples/ideas with them?
TIA
Top answer 1 of 2
2
Every IPv4 is 4 bytes (32 bits) Which mean you can store 4,000,000 in one megabyte. In reality you would use a database such as redis so you can store them and not lose them when restarting your application. Read the docs to implement this.
2 of 2
1
Flask-Limiter supports redis as a backend which should be pretty quick. The only way to know for sure is by testing yourself, with a loadtesting tool like hey , first without limiting, then with limiting. I doubt you would see much difference. I'd say just roll it in, then deal with any performance issues later. My only gripe with Flask Limiter was it didn't work very well with Pluggable Views . If you just have a standard Flask app, where you can add the @limiter.limit decorator alongside an @app.route decorator (as per the quickstart ) then you're in business. I also remember it working badly with blueprints: something like you could apply a limit to an entire blueprint, but not individual routes within that blueprint (I'm hazy on this cause it was a while back).
Plotly
community.plotly.com › dash python
Flask Rate Limiter does not seem compatible with Background Callbacks - any other options? - Dash Python - Plotly Community Forum
July 28, 2023 - Hi, I have been using Flask Limiter in my Dash apps to limit the number of requests from one IP address in a given timeframe to stop malicious users or bots from overwhelming my site with requests. This seemed to work quite well by including the below lines in my Dash app: from flask_limiter import Limiter from flask_limiter.util import get_remote_address from flask import Flask import flask server = Flask(name) app = Dash(name, title=‘myapp’,server=server) limiter = Limiter(app=ap...
GitHub
github.com › alisaifee › flask-limiter
GitHub - alisaifee/flask-limiter: Rate Limiting extension for Flask · GitHub
Flask-Limiter adds rate limiting to Flask applications.
Starred by 1.2K users
Forked by 128 users
Languages Python
Medium
medium.com › illumination › flask-ratelimiter-how-to-implement-rate-limiting-in-your-python-code-34b84ff8c661
Flask-RateLimiter: How to Implement Rate Limiting in Your Python Code | by Siva Murugan | ILLUMINATION | Medium
October 25, 2024 - In this blog post, we will learn about rate limiting using the most popular extension “flask-limiter”. We will cover from the beginning by installing flask, flask-limiter and MongoDB into our local machine.
LinkedIn
linkedin.com › all › software engineering practices
How can you implement rate limiting in Flask APIs?
October 25, 2023 - Flask-Limiter is a Flask extension that provides rate limiting features for your Flask APIs. It allows you to define the rate limit rules for each endpoint, such as the number of requests per second, minute, hour, or day.
Til-dev
til-dev.com › posts › 315
Flask rate limit - Today I Learned
December 10, 2024 - Flask-Limiter adds rate limiting to Flask applications.
New Releases
newreleases.io › project › pypi › Flask-Limiter › release › 2.1
Flask-Limiter 2.1 on Python PyPI
January 16, 2022 - New release Flask-Limiter version 2.1 on Python PyPI.
DOKK
dokk.org › documentation › flask-limiter › 2.9.2 › api
API - Flask-Limiter {2.9.2}
exempt_when – function/lambda used to decide if the rate limit should skipped. ... When used with a Blueprint the meaning of the parameter extends to any parents the blueprint instance is registered under. For more details see Nested Blueprints · deduct_when – a function that receives the current flask.Response object and returns True/False to decide if a deduction should be done from the rate limit
Debian
tracker.debian.org › pkg › flask-limiter
flask-limiter - Debian Package Tracker
source: flask-limiter (main) version: 3.12-2 · maintainer: Debian Python Team (DMD) uploaders: Nicolas Dandrimont [DMD] arch: all · std-ver: 4.7.2 · VCS: Git (Browse, QA) versions [more versions can be listed by madison] [old versions available from snapshot.debian.org] [pool directory] oldstable: 3.3.0-1 ·