Rate Limiting
Rate limiting is a technique for controlling the number of requests a client can make to a service within a given time window, used to protect systems from overload, abuse, and unfair resource consumption.
29 resources across 2 libraries
Glossary Terms(8)
API Gateway
An API Gateway is a server that sits in front of one or more backend services, acting as a single entry point that handles routing, authentication, rate limiti…
Circuit Breaker Pattern
The Circuit Breaker Pattern is a resilience design pattern that stops an application from repeatedly calling a service that is likely to fail, allowing it to r…
Rate Limiting
Rate limiting is a technique for controlling the number of requests a client can make to a service within a given time window, used to protect systems from ove…
Webhooks
A webhook is a mechanism for one application to notify another in real time by sending an HTTP POST request to a pre-configured URL whenever a specific event o…
API Security Gateway
An API security gateway is a dedicated proxy layer that sits in front of an organization's APIs to enforce authentication, authorization, rate limiting, schema…
Rate Limiting (Security)
Rate limiting, as a security control, is the practice of capping how many requests a client can make to a system within a given time window, in order to preven…
Bot Detection
Bot detection is the set of techniques used to distinguish automated, non-human traffic from genuine human users interacting with a website, application, or AP…
Account Takeover Protection
Account takeover (ATO) protection refers to the layered security controls — including credential monitoring, anomaly detection, multi-factor authentication, an…
Interview Questions(21)
How Do You Implement API Rate Limiting With Database-Backed Counters?
Database-backed rate limiting stores a per-client request counter and a time window in a row, atomically incrementing that counter on each request and rejectin…
What is an API Gateway (from a Networking Perspective)?
An API gateway is a single, network-facing entry point that sits in front of a collection of backend services and handles cross-cutting request concerns — rout…
What is Rate Limiting?
Rate limiting is the practice of capping how many requests a client can make to a service within a given time window, protecting the system from overload and a…
What is an API Gateway?
An API gateway is a single entry point that sits in front of a system’s backend services, routing client requests to the right service while centrally handling…
How to Design a Rate Limiter?
A rate limiter is designed by choosing an algorithm (token bucket, leaky bucket, fixed window, or sliding window log) that tracks request counts per client key…
How Would You Design a Notification System?
A notification system is designed as an event-driven pipeline where upstream services publish notification events to a queue, a set of channel-specific workers…
How Would You Design Pastebin?
Pastebin is a text-snippet sharing service built around three core pieces: a short unique key generator for each paste, an object store or blob-friendly databa…
How to Design an API Rate Limiter
An API rate limiter design centers on a shared, low-latency counter store (typically Redis) that tracks per-client request counts using a sliding-window or tok…
How to Design a Flash Sale System
A flash sale system survives a massive, near-instant demand spike on a tiny stock count by throttling traffic before it hits the database, reserving inventory…
How to Design a Coupon System
A coupon system stores codes and their rules (discount type, eligibility, usage caps) separately from redemption records, validates each redemption against rem…
How to Design a URL Crawler Frontier
A URL crawler frontier is the prioritized, politeness-aware queue that decides which URL a crawler fetches next, combining per-host rate limiting, priority sco…
What is Load Shedding in System Design?
Load shedding is the practice of deliberately rejecting or degrading a portion of incoming requests once a system approaches overload, so that the requests it…
What Are the Main Rate Limiting Algorithms?
The main rate limiting algorithms are token bucket, leaky bucket, fixed window counter, sliding window log, and sliding window counter, each trading off burst…
Token Bucket vs Leaky Bucket: What Is the Difference?
Token bucket allows bursts of traffic up to a stored capacity of accumulated tokens while enforcing a long-run average rate, whereas leaky bucket forces reques…
Fixed Window vs Sliding Window Rate Limiting: What Is the Difference?
Fixed window rate limiting counts requests in discrete, non-overlapping time buckets like “per calendar minute,” while sliding window rate limiting evaluates t…
API Gateway vs Load Balancer: What Is the Difference?
A load balancer distributes incoming traffic across multiple identical instances of a single service to spread load and provide failover, while an API gateway…
How Do You Implement Rate Limiting Across Multiple Servers?
Distributed rate limiting means enforcing a shared request budget for a client across many stateless application servers, which requires moving the counter or…
What Are Common API Rate Limiting Strategies?
API rate limiting caps how many requests a client can make in a given time window, most commonly implemented with token bucket, fixed window, or sliding window…
What Is the API Gateway Pattern?
An API gateway is a single entry point that sits in front of a set of backend services, routing each incoming request to the right service while centrally hand…
What is an API Gateway?
An API Gateway is a single, managed entry point that sits in front of a set of backend services, handling cross-cutting concerns like authentication, rate limi…
Rate Limiting in Distributed Systems
Rate limiting caps how many requests a client, service, or API key can make within a time window, protecting backend systems from overload, abuse, and cascadin…