
Add rate limiting to prevent API abuse #4

@timothywarner

Description


The API currently has no rate limiting, which could allow abuse. We should add basic rate limiting to protect the service.

Requirements

  • Use express-rate-limit package
  • Limit to 100 requests per 15 minutes per IP
  • Return 429 Too Many Requests when limit exceeded
  • Add custom error message explaining the limit

Example Response (when rate limited)

{
  "error": {
    "message": "Too many requests. Please try again in 15 minutes.",
    "status": 429
  }
}

Acceptance Criteria

  • Rate limiting middleware is added
  • Limit is configurable via environment variable
  • Appropriate headers are returned (X-RateLimit-Limit, X-RateLimit-Remaining)
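As an added illustration of the behaviour the issue asks for (not code from the project, and not a substitute for the express-rate-limit package it requests), the following is a minimal fixed-window limiter in the same (req, res, next) middleware shape: per-IP counting, 429 with the JSON body from the example above, X-RateLimit-Limit / X-RateLimit-Remaining headers, and a limit read from an environment variable. The variable name RATE_LIMIT_MAX and the runRequest stand-in response object are assumptions made for the example so it runs offline.

```javascript
// Added example, not the project's code: a minimal fixed-window limiter with
// the semantics this issue asks for (per-IP limit, 429 + JSON body,
// X-RateLimit-* headers, limit read from an environment variable). It does not
// use express-rate-limit, so it can be exercised offline with plain
// (req, res, next) objects; the env var name RATE_LIMIT_MAX is an assumption.
const WINDOW_MS = 15 * 60 * 1000; // 15 minutes, as in the issue

function readLimitFromEnv(env = process.env) {
  // Fall back to the issue's default of 100 when unset or not a positive integer.
  const parsed = Number.parseInt(env.RATE_LIMIT_MAX, 10);
  return Number.isInteger(parsed) && parsed > 0 ? parsed : 100;
}

function createRateLimiter({ windowMs = WINDOW_MS, max = 100, now = Date.now } = {}) {
  // Per-IP counters, ip -> { count, resetAt }. In-memory, so per process only;
  // several instances behind a load balancer would need a shared store.
  const hits = new Map();
  const minutes = Math.round(windowMs / 60000);
  return function rateLimit(req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // start a fresh window
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    res.setHeader('X-RateLimit-Limit', String(max));
    res.setHeader('X-RateLimit-Remaining', String(Math.max(0, max - entry.count)));
    if (entry.count > max) {
      res.status(429).json({
        error: { message: `Too many requests. Please try again in ${minutes} minutes.`, status: 429 },
      });
      return; // do not call next(): the request stops here
    }
    next();
  };
}

// Drive the middleware with a stand-in response object (constructed for the
// example) and report what a client would see.
function runRequest(limiter, ip) {
  const res = { statusCode: 200, headers: {}, body: null };
  res.setHeader = (k, v) => { res.headers[k] = v; };
  res.status = (c) => { res.statusCode = c; return res; };
  res.json = (b) => { res.body = b; return res; };
  let passed = false;
  limiter({ ip }, res, () => { passed = true; });
  return { passed, statusCode: res.statusCode, headers: res.headers, body: res.body };
}
```

Because the counter is keyed on req.ip, the service must be configured to trust its proxy headers correctly, or every client behind one reverse proxy shares a single bucket.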

Labels

enhancement (New feature or request), security (Security related issues)
