Reference
Rate Limiting
Rate limiting for TMDB-backed requests and recommendation generation
TMDB-backed requests and recommendation generation are rate-limited using Upstash Ratelimit with Upstash Redis.
Limits
| Limiter | Limit | Window | Key |
|---|---|---|---|
tmdbLimiter | 40 requests | 1 second | Global key tmdb:global |
recommendationLimiter | 10 requests | 1 day | Authenticated user ID |
The TMDB limiter uses a fixed window. The recommendation limiter uses a sliding window.
Response Headers
TMDB-backed responses include:
| Header | Description |
|---|---|
X-RateLimit-Limit | Total requests allowed in the window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Timestamp (ms) when the window resets |
The TMDB helper also emits:
X-TMDB-RateLimit-LimitX-TMDB-RateLimit-RemainingX-TMDB-RateLimit-Reset
Recommendation generation responses include the standard X-RateLimit-* headers with the per-user daily quota values.
Rate Limit Exceeded
When the TMDB limit is exceeded the server responds with 429 Too Many Requests:
{
"statusCode": 429,
"message": "Rate limit exceeded for TMDB API. Please try again later."
}
When the recommendation limit is exceeded the server responds with 429 and a daily quota message.
Implementation
The limiters are defined in their owning utility domains and applied in:
server/utils/tmdb/rate-limit.tsbefore outbound TMDB requests (tmdbLimiter)server/utils/recommendations/rate-limit.tsfor authenticated recommendation generation (recommendationLimiter)
Environment Setup
Two Upstash Redis environment variables are required:
UPSTASH_REDIS_REST_URL=https://your-db.upstash.io
UPSTASH_REDIS_REST_TOKEN=your_token_here
Get these from Upstash console after creating a Redis database.