rate-limit-rejector

The internal:rate-limit-rejector interceptor rejects requests with 429 Too Many Requests when the gateway’s rate limit counter reports the limit has been exceeded.

It is designed for use with enforce: false rate limit configurations, where the gateway counts and populates rate limit data but does not enforce natively. This interceptor provides the enforcement step.

Registration

actions:
  - target: "$.paths[*].get"
    update:
      x-plenum-interceptor:
        - module: "internal:rate-limit-rejector"
          hook: on_request
          function: checkRateLimit

Hook

Hook	Function	Can short-circuit
`on_request`	`checkRateLimit`	Yes

Options

No configuration options. The interceptor reads rate limit state from the gateway-provided input.rateLimits object.

Input

The interceptor reads input.rateLimits, a gateway-populated object:

Field	Type	Description
`over`	`boolean`	`true` when the rate limit has been exceeded

The rateLimits object is only populated when rate limit configuration is active on the upstream.

Behaviour

If rateLimits is missing or rateLimits.over is false, the request continues to the upstream.
If rateLimits.over is true, the interceptor short-circuits with 429.

Error response

{
  "error": "rate limit exceeded"
}

Status code 429.

Why use `enforce: false`?

With enforce: false, the gateway counts rate limits but does not reject requests. This allows custom logic (logging, metrics, header injection) to run in earlier interceptors before the rejector fires:

x-plenum-interceptor:
  - module: "./interceptors/log-rate-limit.js"
    hook: on_request
    function: logRateLimit
  - module: "internal:rate-limit-rejector"
    hook: on_request
    function: checkRateLimit

The log interceptor can inspect input.rateLimits and emit metrics, then the rejector enforces. The order of interceptors in the array controls execution order.