Implementing Api Rate Limiting N8N Airtable Redis — Complete Guide [2026]

What This Workflow Does

This workflow controls how many times a user can call an API. It stops users from sending too many requests in a short time. It tracks usage by API Key per minute and per hour. When limits are passed, it blocks requests and shows a message. Users get Pokemon data only if they stay within set limits.

This solves server slowdowns and abuse by fair usage control. It saves resources and keeps responses fast for everyone.

Tools and Services Used

• n8n Webhook node: Receives incoming API calls securely with header authentication.
• Redis Cloud: Counts requests per user and keeps data with expiration (TTL).
• Airtable: Stores and provides Pokemon data records.
• HTTP Header Authentication: Protects webhook access by validating API keys.

Inputs, Processing, and Output

Inputs

• Incoming API requests through a webhook URL.
• Requests must include x-api-key header for identification.

Processing Steps

• Webhook receives and authenticates request header.
• Builds dynamic Redis keys combining API key with current minute and hour.
• Increments counters in Redis for per-minute and per-hour usage.
• Checks if counters pass defined limits (10 per minute, 60 per hour).
• Blocks or allows request based on limit checks.
• If allowed, Airtable is queried to get Pokemon data.
• Formats response with usage info and requested data.

Output

• A JSON response showing Pokemon details and current request count if limits are okay.
• A friendly message that usage limit exceeded if too many calls made.

Who Should Use This Workflow

Developers managing APIs requiring usage limits for fair access.

Teams wanting to prevent system overload and manage costs by blocking overuse.

Users needing simple hourly and per-minute API rate controls with easy scaling.

Beginner step-by-step: How to use this workflow in n8n

Step 1: Import the Workflow

1. Download the workflow file using the Download button on this page.
2. Inside the n8n editor, choose Import from File and select the downloaded file.

Step 2: Configure Credentials and Settings

1. Add your Airtable API credentials in n8n credentials manager.
2. Add Redis Cloud credentials configured for your Redis database.
3. Set up HTTP Header Authentication credentials with your valid API keys.
4. Update table names or base IDs in Airtable node if your setup differs.

Step 3: Test the Workflow

1. Send a test API request to the webhook URL with a valid x-api-key header.
2. Verify that request counts increment and data returns properly.
3. Try sending over 10 requests per minute or 60 per hour to see the limit messages.

Step 4: Activate for Production Use

1. Turn on the workflow by toggling its active switch in n8n.
2. Deploy this webhook URL as your API endpoint for clients with header authentication.
3. Use monitoring to track usage and errors via Redis and n8n logs.
4. Consider self-host n8n for better control and security in production.

Breaking Down Important Expressions and Code

The Set node for per-minute key uses this expression combining API key and current time:

{{$json["headers"]["x-api-key"] +'-'+ new Date().getHours() +'-'+ new Date().getMinutes()}}

This makes a key like user123-14-23 showing user and current hour and minute.

For per-hour limiting, this expression is used in another Set node:

{{$node['Webhook1'].json["headers"]["x-api-key"] +'-'+ new Date().getHours()}}

It creates a key like user123-14 counting all requests this hour.

The Function node formats response to include limit info and Pokemon names and URLs:

const limit = `Limit consumed: `+ $node['Redis1'].json[$node['Set2'].json['apiKey']];
return [{ json: {
  message:limit,
  body: items.map(item => ({
    name: item.json.fields.name,
    url: item.json.fields.url
  }))
}}];

Customization Ideas

• Change request limits in If nodes to match your needs (e.g., 20 per minute).
• Modify the response to include more Pokemon data or filter specific entries.
• Add more detailed limit exceeded messages with retry time info or contact support links.
• Use logging nodes to record API keys that exceed limits and possibly block or blacklist them.
• Create longer period limits (daily counts) by adding new Redis keys in the workflow.

Edge Cases and Failure Handling

Make sure Redis keys increment correctly by checking key naming and TTL (expiration) settings.

If Airtable data isn’t fetched, check credentials and exact table names in the Airtable node.

Unauthorized access means the header authentication is missing or misconfigured on the webhook node.

Test different scenarios of rapid requests to confirm limits trigger properly.

Summary of Benefits and Outcome

✓ Control API request frequency per user to prevent abuse.
✓ Keep server speed steady and avoid overload.
✓ Automatically reset counts with Redis TTL.
✓ Give clear feedback to users when hitting limits.
✓ Deliver requested Pokemon data only when allowed.
→ A fair API system that saves work and keeps users happy.
→ Easier to maintain and monitor usage with Redis and n8n logs.
→ Simple to deploy and customize inside your existing n8n setup.