Skip to content

Overview

Rately is a configurable, per-identity rate limiting service that runs at Cloudflare's edge. Block abusive traffic before it reaches your servers. Limit by user ID, API key, header, query, or URL param — not just IP.

Get Started → Documentation →


  • Edge Enforcement

    Block rate-limited requests at Cloudflare's edge with ~25ms added latency. Traffic never reaches your origin.

  • Flexible Identity

    Rate limit by user ID, API key, header, query param, or custom attributes — not just IP addresses.

  • Drop-in Integration

    CNAME your API through Rately (proxy mode) or call our Decision API — zero code changes required.

  • Real-time Analytics

    Track usage patterns, identify top consumers, and monitor rate limit hits with detailed analytics.

Why Choose Rately?

Built for Scale

Running on Cloudflare's global network with 300+ locations worldwide, Rately handles millions of requests per second with atomic counters via Durable Objects.

Instant Configuration

Change rate limits on the fly. Override limits for specific users. No redeploys needed — changes take effect globally in seconds.

Developer Friendly

Simple REST API, SDKs for major languages, and comprehensive documentation. Integrate in minutes, not days.

Usage-Based Billing Ready

Track and aggregate usage data per customer. Export to Stripe or your billing system for metered billing and overage charges.

How It Works

Client → api.yourapp.com (CNAME) → Rately Edge → Your Origin
Traffic flows through Rately. We check limits and forward allowed requests to your origin with rate limit headers.

Control Plane Mode

Client → Your API → POST /check (Rately) → Allow/Deny Response
Your application calls Rately's Decision API to check if a request should be allowed.

Key Features

  • Token Bucket & Sliding Window algorithms for precise rate limiting
  • Custom Policies per endpoint, method, or resource
  • Override Rules for VIP users or specific conditions
  • Signed Configurations with automatic edge distribution
  • Fail-Safe Modes (open/closed/soft) for reliability
  • DDoS Protection integration with Cloudflare WAF

Example Configuration

policies:
  - id: api_standard
    match: /api/*
    key: "user:{header.x-api-key}"
    limit: 1000
    window_seconds: 60

  - id: api_premium
    match: /api/*
    key: "user:{header.x-api-key}"
    limit: 10000
    window_seconds: 60
    overrides:
      - when: { header.x-plan: "enterprise" }
        limit: unlimited

Get started for free →