Controlling how fast requests can be made
Day 147 of 149
The Highway On-Ramp Analogy
Highway on-ramps have traffic lights:
- Let one car through every few seconds
- Prevents too many cars entering at once
- Keeps highway traffic flowing smoothly
Rate Limiting is the traffic light for your API!
It controls how many requests can be made in a time period.
Why Rate Limit?
Without limits:
- One user can make 1,000,000 requests/second
- Server gets overwhelmed
- Everyone suffers (slow or no service)
- Attackers can crash your system
With limits:
- Each user gets 100 requests/minute
- Server stays healthy
- Fair access for everyone
- Protection from attacks
How It Works
Track requests per user/IP:
User Alice:
- Made 95 requests this minute
- Limit: 100/minute
- 5 remaining ✓
User Bob (attacker):
- Made 100 requests this minute
- Limit: 100/minute
- BLOCKED until next minute ✗
Common Strategies
Fixed window:
- Reset counter every minute
- Simple, but allows bursts at the window boundaries
Sliding window:
- Rolling time window
- Smoother limiting
Token bucket:
- Tokens refill over time
- Spend tokens to make requests
- Allows short bursts
What Happens When Limited
Server returns HTTP 429 Too Many Requests:
- "Slow down!"
- Often includes "Retry-After" header
- Tells you when to try again
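As an added example (not code from the original post), here are the three strategies above implemented side by side, plus the 429 decision they feed. All class and function names are assumptions; timestamps are passed in explicitly so the traffic in `demo()` is constructed and reproducible offline. It shows the fixed window's boundary burst, the sliding window refusing the same burst, and the token bucket allowing a short burst and then refilling.

```python
# Added example: fixed window, sliding window and token bucket limiters, and the
# HTTP 429 response they produce. Names and sample traffic are constructed.
import math
from collections import deque
from dataclasses import dataclass


@dataclass
class Decision:
    allowed: bool
    limit: int          # the client's quota, echoed back in headers
    remaining: int      # requests left before the next block
    retry_after: float  # seconds until a request would succeed; 0.0 if allowed


class FixedWindowLimiter:
    """Per-key counter that resets at every window boundary. Cheap, but a client
    can spend a full quota at the end of one window and another at the start of
    the next, so a burst of 2x the limit is possible across the boundary."""

    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.counts = {}  # key -> (window_start, count)

    def check(self, key, now):
        window_start = math.floor(now / self.window_s) * self.window_s
        start, count = self.counts.get(key, (window_start, 0))
        if start != window_start:  # first request in a new window: reset
            start, count = window_start, 0
        if count >= self.limit:
            return Decision(False, self.limit, 0, start + self.window_s - now)
        self.counts[key] = (start, count + 1)
        return Decision(True, self.limit, self.limit - count - 1, 0.0)


class SlidingWindowLimiter:
    """Keeps each key's recent request timestamps and allows a new request only
    if fewer than `limit` fall inside the trailing window. No boundary burst,
    at the cost of O(limit) memory per key."""

    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.log = {}  # key -> deque of timestamps

    def check(self, key, now):
        q = self.log.setdefault(key, deque())
        while q and q[0] <= now - self.window_s:  # drop entries outside the window
            q.popleft()
        if len(q) >= self.limit:
            return Decision(False, self.limit, 0, q[0] + self.window_s - now)
        q.append(now)
        return Decision(True, self.limit, self.limit - len(q), 0.0)


class TokenBucketLimiter:
    """Each key has a bucket of up to `capacity` tokens refilled continuously at
    `rate` tokens/second; each request spends one. A full bucket permits a
    short burst of `capacity` requests, then throughput settles at `rate`."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.buckets = {}  # key -> (tokens, last_update)

    def check(self, key, now):
        tokens, last = self.buckets.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[key] = (tokens, now)
            return Decision(False, self.capacity, 0, (1 - tokens) / self.rate)
        self.buckets[key] = (tokens - 1, now)
        return Decision(True, self.capacity, int(tokens - 1), 0.0)


def http_response(decision):
    """Map a Decision to the status code and headers the server sends back.
    Retry-After is a standard HTTP header; X-RateLimit-* is a common convention."""
    headers = {"X-RateLimit-Limit": str(decision.limit),
               "X-RateLimit-Remaining": str(decision.remaining)}
    if decision.allowed:
        return 200, headers
    headers["Retry-After"] = str(math.ceil(decision.retry_after))
    return 429, headers


def run(limiter, key, times):
    """Feed request timestamps (seconds) through a limiter; return (status, headers) per request."""
    return [http_response(limiter.check(key, t)) for t in times]


def demo():
    # Constructed traffic: 3 requests just before a 60 s boundary, then 4 just after.
    boundary_burst = [58, 59, 59.5, 60, 60.5, 61, 61.5]
    return {
        "fixed": [s for s, _ in run(FixedWindowLimiter(3, 60), "bob", boundary_burst)],
        "sliding": [s for s, _ in run(SlidingWindowLimiter(3, 60), "bob", boundary_burst)],
        # Bucket of 3 refilling 1 token/s: burst of 3, 4th denied, refill admits later ones.
        "bucket": [s for s, _ in run(TokenBucketLimiter(3, 1.0), "bob", [0, 0, 0, 0, 1, 2.5])],
    }


if __name__ == "__main__":
    for name, statuses in demo().items():
        print(f"{name:8s} {statuses}")
```

Running `demo()` shows the fixed window admitting six requests in three and a half seconds against a limit of three per minute, while the sliding window blocks the fourth request onward; the token bucket admits its burst of three, returns 429 with `Retry-After: 1` for the fourth, and admits requests again once tokens have refilled.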
In One Sentence
Rate Limiting controls how many requests users can make in a time period, protecting servers from overload and ensuring fair access for everyone.