How to Bypass Rate Limiting for Admin in a Custom Directus Extension

julio · May 1, 2025, 1:09pm

Hi everyone!

I want regular users to be limited as expected, but I’d like admin users (or users with specific roles) to bypass the rate limit altogether.

I’m aware that Directus has built-in rate limiting, but I’d like to know how I can conditionally skip the limiter based on the user role — ideally from within a custom hook in a Directus extension.

Has anyone done something similar?
Is there a recommended way to check the user role and bypass the limiter inside a custom extension?

Any help or examples would be greatly appreciated!

Thanks

julio · May 2, 2025, 10:48am

I found that rate limiting in Directus is handled by Express middleware, so the accountability object (with user role) isn’t available yet.

Is there a hook or way to override this middleware so I can implement a custom rate limiter that checks for a special header like X-BYPASS-RATE-LIMIT with a token to bypass the limit?

Thanks

Topic		Replies	Views
Accessing Directus Middlewares in an extension Help authentication	1	30	May 12, 2025
Using Directus permissions and access policies in existing Node backend Help	1	30	April 30, 2025
New User fields not editable for non admins Help permissions	0	8	May 14, 2025
How do I implement user authentication in Directus? Help authentication	1	57	May 12, 2025
Cross Domain Cookie from Localhost returning 401s and 403s Help api , authentication	7	37	May 16, 2025

How to Bypass Rate Limiting for Admin in a Custom Directus Extension

Related topics