Part 1 of 4

Rate Limiting with Upstash

Limiting requests per IP to prevent runaway costs.

Without limits, someone could hammer your API and run up hundreds of dollars in charges. This is the most important protection to add.

💡 Double protection: While we're adding rate limiting here, remember you can also set spending limits directly in OpenRouter (see Module 1.2). Belt and suspenders!

What to Ask Your AI IDE

"Add rate limiting to the chat API route. Limit each visitor to 10 requests per hour based on their IP address. Use Upstash Redis for production and an in-memory fallback for local development."

What is Redis and Why Use It?

Redis is a super-fast database that stores simple data (like "how many times has this IP made a request?"). It's perfect for rate limiting because:

  • Speed — Checks happen in milliseconds, so your chat doesn't feel slow
  • Persistence — Counts survive restarts of your app server (unlike counts kept in the app's own memory)
  • Shared state — Works across multiple server instances if you scale up
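
The counter described above, as an added sketch (not code from this course or from Upstash): a fixed-window limiter allowing 10 requests per hour per IP, with the in-memory fallback for local development. `MemoryStore`, `hit`, `clientIp` and `checkRateLimit` are hypothetical names, the IPs and timestamps are constructed, and it assumes the hosting platform sets the `x-forwarded-for` header itself.

```javascript
const LIMIT = 10; // requests per window, as in the prompt above
const WINDOW_MS = 60 * 60 * 1000; // one hour

// Local-development fallback (hypothetical class). Counts live in this process
// only: they reset on restart and are not shared between server instances.
class MemoryStore {
  constructor() { this.counts = new Map(); } // key -> { count, resetAt }
  async hit(key, nowMs) {
    let entry = this.counts.get(key);
    if (!entry || entry.resetAt <= nowMs) {
      entry = { count: 0, resetAt: nowMs + WINDOW_MS }; // window opens on first request
      this.counts.set(key, entry);
    }
    entry.count += 1;
    return { count: entry.count, resetAt: entry.resetAt };
  }
}

// Assumption: the platform writes x-forwarded-for. If a proxy passes the
// client's own header through, this value can be forged to dodge the limit.
function clientIp(forwardedFor) {
  const first = String(forwardedFor || "").split(",")[0].trim();
  return first || "unknown"; // requests with no usable IP share one bucket
}

// Returns the decision plus the values a route would put in a 429 response.
async function checkRateLimit(store, forwardedFor, nowMs = Date.now()) {
  const key = `ratelimit:${clientIp(forwardedFor)}`;
  const { count, resetAt } = await store.hit(key, nowMs);
  const allowed = count <= LIMIT;
  return {
    allowed,
    remaining: Math.max(0, LIMIT - count),
    retryAfterSeconds: allowed ? 0 : Math.ceil((resetAt - nowMs) / 1000),
  };
}

// Constructed demo: 12 requests from one documentation-range IP, one per second.
async function demo() {
  const store = new MemoryStore();
  const t0 = 1700000000000;
  const results = [];
  for (let i = 0; i < 12; i++) {
    results.push(await checkRateLimit(store, "203.0.113.7, 10.0.0.1", t0 + i * 1000));
  }
  return results;
}
demo().then((r) => console.log(r.map((x) => x.allowed).join(" ")));
```

In production, the same `checkRateLimit` would receive a store whose `hit()` increments the key in Upstash Redis and gives it a one-hour expiry, so the count is shared across instances and survives restarts.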

Setting Up Upstash

  1. Go to upstash.com and create a free account
  2. Create a new Redis database — give it a memorable name (e.g., "portfolio-rate-limits")
  3. Click Connect to find your credentials
  4. Copy the REST URL and REST Token (you can copy both at once with a single click — they'll paste into Vercel as separate lines when adding environment variables)

Free tier: Upstash's free tier includes 500,000 commands per month and 50GB of bandwidth. For a personal website, you'll never come close to these limits.