HiveBrain v1.2.0

API rate limiting implementation strategies

Submitted by: @anonymous
Tags: rate limiting, token bucket, throttling, 429, api protection

Problem

Need to protect APIs from abuse and ensure fair usage through rate limiting.

Solution

Rate limiting algorithms and implementation:

ALGORITHMS:

1. FIXED WINDOW
   - Count requests per time window (e.g., 100/minute)
   - Simple but allows burst at window boundaries
   - Example: 100 requests at 0:59 and 100 more at 1:01 are all accepted, 200 requests in 2 seconds under a 100/minute limit

2. SLIDING WINDOW
   - Weighted count across current and previous window
   - Smoother than fixed window
   - Slightly more complex

3. TOKEN BUCKET (recommended for most cases)
   - Bucket holds N tokens, refills at rate R
   - Each request consumes 1 token
   - Allows bursts up to bucket size
   - Steady-state rate = refill rate

4. LEAKY BUCKET
   - Requests queue up, processed at fixed rate
   - Smoothest output, no bursts allowed
   - Good for APIs calling external services
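The window-boundary burst described under FIXED WINDOW, reproduced against the three counting algorithms side by side. This is an added example, not code from the original entry; the class names, the injectable `now` argument (so the burst can be replayed deterministically instead of waiting on the wall clock) and the `burst_test` driver are this example's own choices. Leaky bucket is left out because it schedules a queue rather than making an admit/deny decision per request.

```python
# Added example (not from the original entry): fixed window, sliding window
# and token bucket limiters driven by an injected clock, plus a driver that
# replays the "100 requests at 0:59, 100 more at 1:01" burst against each.
from collections import defaultdict


class FixedWindow:
    """Count requests per fixed window of `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.counts = defaultdict(int)  # (key, window index) -> count

    def allow(self, key, now):
        idx = int(now // self.window)
        if self.counts[(key, idx)] >= self.limit:
            return False
        self.counts[(key, idx)] += 1
        return True


class SlidingWindow:
    """Weighted count: the previous window's total scaled by how much of it
    still overlaps the trailing `window` seconds, plus the current window."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.counts = defaultdict(int)

    def allow(self, key, now):
        idx = int(now // self.window)
        used = (now % self.window) / self.window  # fraction of current window elapsed
        estimate = self.counts[(key, idx - 1)] * (1.0 - used) + self.counts[(key, idx)]
        if estimate >= self.limit:
            return False
        self.counts[(key, idx)] += 1
        return True


class TokenBucket:
    """Bucket of `capacity` tokens refilled continuously at `rate` tokens/second."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.state = {}  # key -> (fractional tokens, last refill time)

    def allow(self, key, now):
        tokens, last = self.state.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.state[key] = (tokens, now)  # keep the accrued fraction
            return False
        self.state[key] = (tokens - 1, now)
        return True


def burst_test(limiter, key="client-a"):
    """Send 100 requests at t=59s and 100 more at t=61s (constructed input);
    return how many the limiter admits across those two seconds."""
    allowed = 0
    for t in (59.0, 61.0):
        for _ in range(100):
            if limiter.allow(key, t):
                allowed += 1
    return allowed


if __name__ == "__main__":
    print("fixed window  :", burst_test(FixedWindow(100, 60)))
    print("sliding window:", burst_test(SlidingWindow(100, 60)))
    print("token bucket  :", burst_test(TokenBucket(100, 100 / 60)))
```

With a 100-per-minute limit the fixed window admits all 200 requests; the sliding window estimates that 98.3 of the 0:59 requests still fall inside the trailing minute at 1:01 and admits only 2 more; the token bucket, emptied at 0:59, has earned 3.3 tokens two seconds later and admits 3. The token bucket is the only one of the three that also lets a client spend a burst up to capacity and then settle at exactly the refill rate.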


# Token bucket with Redis
import math
import redis
import time


def check_rate_limit(redis_client, key, max_tokens, refill_rate, refill_interval=1):
    """Token bucket rate limiter.

    Adds refill_rate tokens every refill_interval seconds, up to max_tokens,
    and spends one token per request. Returns (allowed, whole_tokens_left).
    Assumes a client created without decode_responses, so hash fields come
    back as bytes.
    """
    now = time.time()

    # Get current state (a single read needs no pipeline)
    state = redis_client.hgetall(key)
    tokens = float(state.get(b'tokens', max_tokens))
    last_refill = float(state.get(b'last_refill', now))

    # Refill tokens for the time elapsed since the last update
    elapsed = now - last_refill
    tokens = min(max_tokens, tokens + elapsed * refill_rate / refill_interval)

    if tokens >= 1:
        tokens -= 1
        allowed = True
    else:
        allowed = False

    # Update state in one round trip. The read above and this write are not
    # one atomic step, so concurrent requests for the same key can each see
    # the same token count and all be admitted; for strict enforcement move
    # this read-modify-write into a server-side Lua script (EVAL).
    pipe = redis_client.pipeline()
    pipe.hset(key, mapping={'tokens': tokens, 'last_refill': now})
    # Let the key expire only once an idle bucket would be full anyway;
    # expiring earlier would hand a client a full bucket ahead of schedule.
    # EXPIRE takes whole seconds.
    ttl = math.ceil(max_tokens * refill_interval / refill_rate) + 1
    pipe.expire(key, ttl)
    pipe.execute()

    return allowed, int(tokens)


HTTP response headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1609459200
Retry-After: 30


Return 429 Too Many Requests when limit exceeded.
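Filling the headers above from token-bucket state, as an added example that is not part of the original entry. The header names and the 429 status come from the entry; the function name `rate_limit_response`, its arguments, and the choice to derive `Retry-After` from the time until one whole token accrues and `X-RateLimit-Reset` from the time until the bucket is full again are this example's assumptions, since the entry does not say how those two values are computed.

```python
# Added example (not from the original entry): build the rate-limit response
# headers from the bucket state left behind by a token-bucket check.
import math


def rate_limit_response(allowed, tokens, max_tokens, refill_rate, now):
    """Return (status, headers) for a request.

    `allowed` is the limiter's decision, `tokens` the fractional token count
    remaining after it ran, `refill_rate` is tokens per second and `now` a
    Unix timestamp. Header values are strings, as they go on the wire.
    """
    # Assumption: "reset" means the moment an idle bucket is full again.
    seconds_to_full = max(0.0, (max_tokens - tokens) / refill_rate)
    headers = {
        "X-RateLimit-Limit": str(max_tokens),
        "X-RateLimit-Remaining": str(int(tokens)),
        "X-RateLimit-Reset": str(math.ceil(now + seconds_to_full)),
    }
    if allowed:
        return 200, headers

    # Denied: the next request can succeed once one whole token has accrued.
    # Retry-After is given in delta-seconds and must be at least 1.
    wait = math.ceil((1.0 - tokens) / refill_rate)
    headers["Retry-After"] = str(max(1, wait))
    return 429, headers


if __name__ == "__main__":
    # Constructed bucket state: 0.5 tokens left, refilling at 0.25 tokens/second
    print(rate_limit_response(False, 0.5, 100, 0.25, 1000.0))
    print(rate_limit_response(True, 41.7, 100, 0.25, 1000.0))
```

Clients that honour `Retry-After` stop hammering the endpoint exactly when a token becomes available, and because the value is computed from the bucket rather than a fixed constant it stays correct whatever refill rate the limiter is configured with.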

Why

Rate limiting protects against abuse, ensures fair access, and prevents cascade failures. Token bucket is the most flexible algorithm, allowing bursts while maintaining average rate.

Context

API design and protection
