
How to Rate Limit Your AI API Routes in Next.js
Without rate limiting, a single abusive user can exhaust your entire Claude/OpenAI budget in minutes. Here's a production-ready implementation using Upstash Redis — no infrastructure to manage, works on Vercel's edge.

Why Rate Limit AI Routes Specifically

Standard web routes: a bad actor sends 10,000 requests, your server gets slow.

AI routes: a bad actor sends 1,000 requests, you get a $500 Claude bill.

The cost profile makes rate limiting non-optional for any AI feature that's user-accessible.

Setup

    npm install @upstash/ratelimit @upstash/redis

Create a free Redis database at upstash.com — the free tier handles 10,000 requests/day, which is plenty for most early-stage apps.

Basic Rate Limiter

lib/ratelimit.ts:

    import { Ratelimit } from "@upstash/ratelimit";
    import { Redis } from "@upstash/redis";

    // Sliding window: 10 requests per user per 60 seconds
    export const ratelimit = new Ratelimit({
      redis: Redis.fromEnv(),
      limiter: R
Continue reading on Dev.to
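
To make the policy above concrete (10 requests per user per 60 seconds, checked before any model call), here is an added example that is not code from the original article or from Upstash. It is an in-memory, exact sliding-window log limiter with an injectable clock; the names `createSlidingWindowLimiter`, `guardAiRoute` and `simulateBurst` and the `chat:` key prefix are hypothetical, and a real deployment would keep this state in shared storage such as Redis.

```typescript
// Added example: in-memory sliding-window log limiter (not the Upstash implementation).
interface Decision { success: boolean; remaining: number; retryAfterMs: number }
interface RouteResult { status: number; headers: Record<string, string>; modelCalled: boolean }
type Check = (key: string, now?: number) => Decision;

function createSlidingWindowLimiter(limit: number, windowMs: number): Check {
  const hits = new Map<string, number[]>(); // key -> timestamps of accepted requests
  return (key: string, now: number = Date.now()): Decision => {
    const cutoff = now - windowMs;
    // Keep only requests still inside the window that ends at `now`.
    const recent = (hits.get(key) ?? []).filter((t) => t > cutoff);
    hits.set(key, recent);
    if (recent.length >= limit) {
      // Rejected requests are not recorded, so each key holds at most `limit` entries.
      const oldest = recent[0] ?? now;
      return { success: false, remaining: 0, retryAfterMs: oldest + windowMs - now };
    }
    recent.push(now);
    return { success: true, remaining: limit - recent.length, retryAfterMs: 0 };
  };
}

// Gate for an AI route: the limiter runs first, so a rejected request spends no tokens.
// `userId` is assumed to come from the authenticated session, not from a
// client-supplied header that the caller could rotate to dodge the limit.
function guardAiRoute(check: Check, userId: string, now?: number): RouteResult {
  const d = check(`chat:${userId}`, now);
  if (!d.success) {
    const retryAfterSec = String(Math.ceil(d.retryAfterMs / 1000));
    return { status: 429, headers: { "Retry-After": retryAfterSec }, modelCalled: false };
  }
  // The call to the model provider would go here.
  return { status: 200, headers: { "X-RateLimit-Remaining": String(d.remaining) }, modelCalled: true };
}

// Constructed scenario: one user sends `requests` calls 1 ms apart.
// Returns how many of them would have reached the paid model API.
function simulateBurst(requests: number, userId: string): number {
  const check = createSlidingWindowLimiter(10, 60_000);
  let modelCalls = 0;
  for (let i = 0; i < requests; i++) {
    if (guardAiRoute(check, userId, i).modelCalled) modelCalls++;
  }
  return modelCalls;
}
```
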




