Rate Limiter
ELI5 — The Vibe Check
A rate limiter controls how many requests someone can make to your API in a given time window. It's the bouncer who says 'you've had enough — come back in a minute.' Without it, one bad actor can spam your server into oblivion, or a buggy client can accidentally DDoS you.
Real Talk
Rate limiting restricts the number of API requests a client can make within a time window. It protects against abuse, DDoS attacks, and resource exhaustion. Common algorithms include fixed window, sliding window, token bucket, and leaky bucket. Typically implemented via middleware using Redis for distributed counting.
Show Me The Code
const express = require('express');
const rateLimit = require('express-rate-limit');

const app = express();

// Register the limiter before the routes it should protect.
app.use(rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // 100 requests per window, per client IP
  message: 'Too many requests, slow down!'
}));
When You'll Hear This
"We need rate limiting on the login endpoint to prevent brute force." / "The rate limiter returns 429 Too Many Requests when you exceed the limit."
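Added example (mine, not from the glossary or the express-rate-limit project): a dependency-free, Express-compatible middleware with the same windowMs/max/message options as the snippet above, showing the 429 response and Retry-After header the quote refers to. The keyFn and now options are my own additions; now is an injectable clock so the behaviour can be tested deterministically.

```javascript
// Fixed-window limiter as Express-style middleware (req, res, next).
function createRateLimiter({ windowMs, max, message, keyFn, now }) {
  const getKey = keyFn || ((req) => req.ip); // assumption: limit per client IP
  const clock = now || Date.now;
  // key -> { count, resetAt }. In a multi-instance deployment this Map would
  // be replaced by a shared store such as Redis so every node sees one count.
  const windows = new Map();

  function check(key) {
    const t = clock();
    let w = windows.get(key);
    if (!w || t >= w.resetAt) {
      w = { count: 0, resetAt: t + windowMs }; // window starts on first hit
      windows.set(key, w);
    }
    w.count += 1;
    return {
      allowed: w.count <= max,
      remaining: Math.max(0, max - w.count),
      retryAfterSec: Math.ceil((w.resetAt - t) / 1000),
    };
  }

  function middleware(req, res, next) {
    const r = check(getKey(req));
    // RateLimit-* are the draft IETF header names; Retry-After is standard HTTP.
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(r.retryAfterSec));
      res.status(429).send(message || 'Too Many Requests');
      return; // next() is not called: the request stops here
    }
    next();
  }
  middleware.check = check; // exposed for tests and non-HTTP callers
  return middleware;
}

// Constructed stand-ins for Express req/res so this runs without a server.
function fakeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.setHeader = (k, v) => { res.headers[k] = v; };
  res.status = (c) => { res.statusCode = c; return res; };
  res.send = (b) => { res.body = b; return res; };
  return res;
}

// Push n requests from one client (constructed IP) through the limiter.
function simulate(limiter, ip, n) {
  const out = { allowed: 0, lastStatus: 200, retryAfter: undefined };
  for (let i = 0; i < n; i++) {
    const res = fakeRes();
    let passed = false;
    limiter({ ip }, res, () => { passed = true; });
    if (passed) out.allowed += 1;
    out.lastStatus = res.statusCode;
    out.retryAfter = res.headers['Retry-After'];
  }
  return out;
}

const demo = createRateLimiter({ windowMs: 60 * 1000, max: 3, message: 'slow down' });
console.log(simulate(demo, '203.0.113.7', 5)); // 3 allowed, then 429 with Retry-After
```

The per-key Map is the part that does not survive horizontal scaling: with two API instances each client effectively gets 2x the limit, which is why the Real Talk section points at Redis for the shared counter.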
Related Terms
Leaky Bucket
A leaky bucket processes requests at a fixed rate, like water dripping from a bucket. No matter how fast requests pour in, they come out at a steady drip.
Sliding Window Rate Limit
Sliding window rate limiting counts requests in a moving time window instead of fixed buckets. With fixed windows, you could make 100 requests at 11:59 and
Throttling
Throttling is like rate limiting's cousin — instead of blocking requests outright, it slows them down.
Token Bucket
A token bucket is a rate limiting algorithm. Imagine a bucket that fills with tokens at a steady rate. Each request costs one token.
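Added example (mine, not from the glossary): working versions of three of the algorithms listed under Real Talk and described above, Token Bucket, Leaky Bucket and Sliding Window, each taking an injectable clock (now, returning milliseconds) so the behaviour is deterministic. Class and method names are my own. The last function replays the boundary case the Sliding Window entry starts to describe: a full quota at 11:59 followed by another at 12:00.

```javascript
// Token bucket: up to `capacity` tokens, refilled continuously at
// `refillPerSec`. Bursts up to the capacity pass; the sustained rate is
// capped at the refill rate.
class TokenBucket {
  constructor(capacity, refillPerSec, now = Date.now) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.tokens = capacity; // start full
    this.last = now();
  }
  refill() {
    const t = this.now();
    const added = ((t - this.last) / 1000) * this.refillPerSec;
    this.tokens = Math.min(this.capacity, this.tokens + added);
    this.last = t;
  }
  tryConsume(cost = 1) {
    this.refill();
    if (this.tokens >= cost) { this.tokens -= cost; return true; }
    return false; // caller answers 429
  }
}

// Leaky bucket: arrivals queue up (bounded) and are released at a fixed
// rate no matter how bursty the arrivals were.
class LeakyBucket {
  constructor(capacity, drainPerSec, now = Date.now) {
    this.capacity = capacity;
    this.drainPerSec = drainPerSec;
    this.now = now;
    this.queue = [];
    this.credit = 0; // fractional drain allowance carried between calls
    this.last = now();
  }
  offer(item) {
    if (this.queue.length >= this.capacity) return false; // bucket overflows
    this.queue.push(item);
    return true;
  }
  // Returns the items released since the last drain: at most drainPerSec per second.
  drain() {
    const t = this.now();
    this.credit += ((t - this.last) / 1000) * this.drainPerSec;
    this.last = t;
    const n = Math.min(this.queue.length, Math.floor(this.credit));
    this.credit -= n;
    return this.queue.splice(0, n);
  }
}

// Sliding window log: keeps the timestamp of every accepted request and
// admits a new one only if fewer than `limit` fall inside the trailing window.
class SlidingWindowLog {
  constructor(limit, windowMs, now = Date.now) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.log = []; // ascending timestamps of accepted requests
  }
  tryAcquire() {
    const t = this.now();
    const cutoff = t - this.windowMs;
    while (this.log.length > 0 && this.log[0] <= cutoff) this.log.shift();
    if (this.log.length < this.limit) { this.log.push(t); return true; }
    return false;
  }
}

// How many of n attempts a limiter accepts at the clock's current time.
function burst(tryFn, n) {
  let ok = 0;
  for (let i = 0; i < n; i++) if (tryFn()) ok += 1;
  return ok;
}

// 100 requests at 11:59:00, 100 more at 12:00:00 (constructed timeline).
// A fixed one-minute window resets at 12:00 and would accept all 200; the
// sliding window still counts the first 100 and rejects the second burst.
function boundaryBurstDemo() {
  let t = 0;
  const limiter = new SlidingWindowLog(100, 60 * 1000, () => t);
  t = 59 * 1000;
  const first = burst(() => limiter.tryAcquire(), 100);
  t = 60 * 1000;
  const second = burst(() => limiter.tryAcquire(), 100);
  t = 119 * 1000 + 1; // first burst is now older than one minute
  const third = burst(() => limiter.tryAcquire(), 100);
  return { first, second, third };
}

console.log(boundaryBurstDemo()); // first: 100, second: 0, third: 100
```

The sliding window log costs one timestamp per accepted request per key, which is why high-volume deployments usually approximate it with a sliding window counter (weighted sum of the current and previous fixed windows) rather than storing every hit.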