DEV Community: Milan Mandal

Building a Rate Limiter in Java & Spring Boot for Microservices

Milan Mandal — Sun, 15 Mar 2026 19:31:54 +0000

Modern distributed systems and APIs often face a common challenge: handling too many requests from clients.

Without protection, a sudden surge in traffic can overload servers, cause downtime, or degrade performance.

This is where Rate Limiting becomes essential.

In this article, I will explain how I built a lightweight and extensible Rate Limiter using Java and Spring Boot that supports multiple rate-limiting strategies for microservices and APIs.

🔗 Project Repository

Source Code:

[https://github.com/milanmandal-1/Rate-Limiter]

What is Rate Limiting?

Rate limiting is a technique used to control the number of requests a client can send to a server within a specific time period.

It helps to:

Prevent API abuse

Protect backend services

Improve system stability

Ensure fair resource usage

Many large platforms like Google, Amazon, and Netflix rely heavily on rate limiting to maintain reliability.

Technologies Used

This project uses modern backend technologies:

Java

Spring Boot

Microservices Architecture

API Gateway

Service Registry

Config Server

The system is designed to integrate easily into distributed microservice environments.

🧠 Rate Limiting Algorithms Implemented

This project supports multiple rate limiting strategies.

1️⃣ Token Bucket Algorithm

The Token Bucket algorithm allows a burst of traffic while maintaining an overall rate limit.

How it works:

Tokens are added to a bucket at a fixed rate

Each request consumes a token

If the bucket is empty, the request is rejected

Benefits:

✔ Allows traffic bursts
✔ Smooth request flow
✔ Widely used in APIs

2️⃣ Fixed Window Algorithm

The Fixed Window strategy counts requests within a fixed time window.

Example:

Limit = 100 requests

Time window = 1 minute

If a client sends more than 100 requests within that minute, further requests are rejected.

Advantages:

✔ Simple to implement
✔ Efficient for small systems

3️⃣ Sliding Window Algorithm

The Sliding Window algorithm improves accuracy compared to fixed windows.

Instead of resetting counters abruptly, it calculates requests based on a moving time window.

Benefits:

✔ More precise rate limiting
✔ Prevents traffic spikes at window boundaries

🏗 Microservices Architecture

This project demonstrates rate limiting inside a Spring Boot microservices ecosystem.

Main components include:

API Gateway

Service Registry

Config Server

Hotel Service

Rating Service

User Service

The rate limiter can be integrated at the API Gateway level, ensuring all incoming requests are validated before reaching downstream services.

📂 Project Structure
Rate-Limiter
│
├── ApiGateway
├── ConfigServer
├── ServiceRegistry
├── HotelService
├── RatingService
├── UserService
│
├── README.md
└── LICENSE

This structure demonstrates a production-style microservices setup.

Example Rate Limit Scenario

Example configuration:

Limit: 10 requests
Time Window: 1 minute

If a client sends:

Request 1 → Allowed
Request 2 → Allowed
...
Request 10 → Allowed
Request 11 → Blocked

This ensures backend services remain stable under heavy load.

** Why Rate Limiting is Critical for APIs**

Rate limiting protects APIs from:

🚫 DDoS attacks
🚫 API abuse
🚫 Resource exhaustion

It also helps maintain fair usage among multiple clients.

** Real-World Use Cases**

Rate limiters are widely used in:

Public APIs

Payment systems

Authentication services

Cloud platforms

SaaS platforms

Almost every major API provider uses some form of rate limiting.

Future Improvements

Some potential enhancements for this project include:

Redis-based distributed rate limiting

Kubernetes deployment

Dynamic configuration updates

Advanced monitoring with Grafana

Integration with CI/CD pipelines

Modern API Testing Framework with Java + Rest Assured + Cucumber

Milan Mandal — Sun, 15 Mar 2026 19:05:23 +0000

In modern software development, API testing is critical to ensure backend services work correctly, reliably, and securely. Automated API testing helps teams validate endpoints quickly and integrate testing into CI/CD pipelines.

To demonstrate a practical approach, I built an API Automation Framework using Java and BDD principles.

This repository provides a clean and scalable structure to automate REST APIs efficiently.

🔗 GitHub Repository

📌 Why API Automation?

Manual API testing with tools like Postman is useful for quick checks, but it becomes difficult to maintain when the number of test cases grows. A proper automation framework provides:

✅ Faster regression testing
✅ Reusable test components
✅ CI/CD integration
✅ Detailed reporting
✅ Scalable architecture

Automation frameworks built with Java + REST Assured + BDD are widely used in enterprise QA environments.

🛠 Tech Stack Used

This framework uses modern automation tools commonly used by SDET engineers:

Java
REST Assured
Cucumber BDD
Maven
TestNG / JUnit
JSON Schema Validation
Git & GitHub

📂 Project Structure

apiAutoFramework
│
├── src
│ ├── main
│ │ ├── java
│ │ └── resources
│ │
│ └── test
│ └── java
│ └── com.electrolab.api
│ │
│ ├── base
│ │ ├── ScenarioContext.java
│ │ └── TestContext.java
│ │
│ ├── config
│ │ ├── ConfigManager.java
│ │ └── Environment.java
│ │
│ ├── hooks
│ │ └── Hooks.java
│ │
│ ├── managers
│ │ ├── ApiManager.java
│ │ └── TokenManager.java
│ │
│ ├── mock
│ │ ├── MockServer.java
│ │ └── UserMock.java
│ │
│ ├── models
│ │ ├── AuthResponse.java
│ │ └── User.java
│ │
│ ├── runners
│ │ └── TestRunners.java
│ │
│ ├── specbuilder
│ │ └── SpecBuilder.java
│ │
│ ├── stepdefinitions
│ │ └── UserSteps.java
│ │
│ └── utils
│ ├── ApiClient.java
│ ├── JsonUtils.java
│ ├── LoggerUtils.java
│ └── RetryAnalyzer.java
│
└── resources
└── features
└── user.feature

⚙️ Framework Features

✔ BDD testing using Cucumber
✔ API testing using RestAssured
✔ Reusable RequestSpecBuilder
✔ Token-based authentication handling
✔ Environment configuration support
✔ Modular and maintainable architecture
✔ Logging and retry mechanisms
✔ JSON utilities for request/response handling

🧪 Sample BDD Scenario
Feature: User API

Scenario: Get users list
Given User calls GET users API
Then response status should be 200

🧱 Request Specification Builder

Reusable request configuration using SpecBuilder.

public class SpecBuilder {

public static RequestSpecification getRequest() {
    return new RequestSpecBuilder()
            .setBaseUri(ConfigManager.get("qa.url"))
            .addHeader("Content-Type", "application/json")
            .build();
}

}

🔐 Token Manager

Handles authentication tokens dynamically and injects them into API requests.

🔧 Running Tests
Run using Maven

Run from IDE
Run the TestRunners.java file.

📊 Future Enhancements

Parallel execution

Allure reports
CI/CD integration (Jenkins / GitHub Actions)
Dockerized test execution
API contract testing
Performance testing integration`