Rate Limiting Strategy

Design rate limiting and quotas that protect an API.

Shape your prompt

8 fields

API namerequired

Traffic profile & abuse concernsrequired

Algorithm

Limit dimensions

Plan-based quotas/tiers

Distributed (multi-instance) enforcementReturn standard rate-limit headers

Extra constraints

Your prompt

809 characters

The raw prompt, unchanged.

Still needed: API name, Traffic profile & abuse concerns — the preview updates as you type.

Output21 lines · 809 chars

You are a senior backend engineer. Design a rate limiting strategy for "".

## Traffic & abuse profile

## Approach
- Algorithm: Token bucket
- Limit dimensions: Per API key/client, Per endpoint

## Requirements
- Distributed enforcement that is consistent across instances (shared store).
- Correct 429 responses with a clear, machine-readable error body.
- Standard rate-limit headers (limit, remaining, reset, Retry-After).
- Fairness across clients and protection against thundering herds and abuse.
- A safe fail-open vs fail-closed decision, justified.

## Deliverables
1. The limiting design and where it sits in the request path.
2. The complete, runnable limiter implementation and config.
3. Tuning guidance and how clients should back off.

Proceed with well-reasoned defaults; ask only if blocked.