diff --git a/apps/api/flowaccount-workshop/src/routes/index.ts b/apps/api/flowaccount-workshop/src/routes/index.ts
index 38ca3af..dab6448 100644
--- a/apps/api/flowaccount-workshop/src/routes/index.ts
+++ b/apps/api/flowaccount-workshop/src/routes/index.ts
@@ -1,16 +1,23 @@
-import * as express from 'express'
-import * as fs from 'fs'
+import * as express from 'express';
+import * as fs from 'fs';
+import RateLimit from 'express-rate-limit';
+
 export const router = express.Router();
 
+// set up rate limiter: maximum of 100 requests per 15 minutes
+const limiter = RateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // max 100 requests per windowMs
+});
+
 /* GET home page. */
-router.get('/', function (req, res, next) {
-  
+router.get('/', limiter, function (_req, res) {
   try {
     fs.readFile('./README.md', 'utf8', (err, data) => {
-      console.log('shit', err)
-    if (err) {
-      return res.status(500).send('Error reading README.md');
-    }
+      console.log('shit', err);
+      if (err) {
+        return res.status(500).send('Error reading README.md');
+      }
 
       res.send(`
           <!DOCTYPE html>
@@ -22,9 +29,10 @@ router.get('/', function (req, res, next) {
               ${data}
             </body>
           </html>
-        `); 
+        `);
     });
-  } catch (err) { console.log('ERROR'); console.log(err) }
+  } catch (err) {
+    console.log('ERROR');
+    console.log(err);
+  }
 });
-
-
diff --git a/package.json b/package.json
index ac24354..7385bf7 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
   "dependencies": {
     "@flowaccount/openapi-sdk": "^0.0.39",
     "@types/aws-lambda": "^8.10.86",
+    "express-rate-limit": "^7.4.0",
     "graphql": "^16.3.0",
     "graphql-language-service-parser": "^1.10.4",
     "graphql-request": "^4.2.0",
@@ -23,6 +24,10 @@
   "devDependencies": {
     "@flowaccount/nx-aws-cdk": "^2.0.3",
     "@flowaccount/nx-serverless": "^3.2.6",
+    "@nx/eslint": "18.0.4",
+    "@nx/eslint-plugin": "18.0.4",
+    "@nx/node": "18.0.4",
+    "@nx/workspace": "18.0.4",
     "@openapitools/openapi-generator-cli": "^2.4.26",
     "@trumbitta/nx-plugin-openapi": "^1.12.1",
     "@types/jest": "^27.5.1",
@@ -31,17 +36,13 @@
     "@typescript-eslint/parser": "7.16.0",
     "cookie-parser": "~1.4.4",
     "debug": "~2.6.9",
-    "express": "~4.16.1",
-    "morgan": "~1.9.1",
-    "http-errors": "~1.6.3",
     "eslint": "8.57.0",
     "eslint-config-prettier": "9.0.0",
+    "express": "~4.16.1",
+    "http-errors": "~1.6.3",
+    "morgan": "~1.9.1",
     "prettier": "^2.5.1",
     "ts-jest": "^27.1.5",
-    "typescript": "~4.5.2",
-    "@nx/workspace": "18.0.4",
-    "@nx/eslint-plugin": "18.0.4",
-    "@nx/node": "18.0.4",
-    "@nx/eslint": "18.0.4"
+    "typescript": "~4.5.2"
   }
 }
diff --git a/yarn.lock b/yarn.lock
index e1bff5c..ecf43fe 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7575,6 +7575,11 @@ exponential-backoff@^3.1.1:
   resolved "https://registry.yarnpkg.com/exponential-backoff/-/exponential-backoff-3.1.1.tgz#64ac7526fe341ab18a39016cd22c787d01e00bf6"
   integrity sha512-dX7e/LHVJ6W3DE1MHWi9S1EYzDESENfLrYohG2G++ovZrYOkm4Knwa0mc1cn84xJOR4KEU0WSchhLbd0UklbHw==
 
+express-rate-limit@^7.4.0:
+  version "7.4.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.0.tgz#5db412b8de83fa07ddb40f610c585ac8c1dab988"
+  integrity sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg==
+
 express@^4.17.3:
   version "4.20.0"
   resolved "https://registry.yarnpkg.com/express/-/express-4.20.0.tgz#f1d08e591fcec770c07be4767af8eb9bcfd67c48"