
API Rate Limiting with Claude Code: Redis Sliding Window Implementation
Without rate limiting, your API is one misconfigured client away from infrastructure failure. Claude Code can implement consistent rate limiting across every endpoint — if you give it the right rules in CLAUDE.md.

Why Rate Limiting Matters

Three failure modes hit APIs without rate limiting:

- DDoS vulnerability: Attackers send thousands of requests per second, taking down your service
- Cost explosion: A buggy client hammering your OpenAI or Stripe backend can generate hundreds of dollars in charges overnight
- Fairness collapse: One heavy user monopolizes bandwidth while others get timeouts

Fixed Window rate limiting is a common first attempt — but it has a critical flaw: a burst of requests at the window boundary effectively doubles your limit. Sliding Window with Redis Sorted Sets solves this cleanly.

CLAUDE.md Rules for Rate Limiting

Add these rules to your CLAUDE.md so Claude Code enforces consistent implementation:

## API Rate Limiting Rules
### Mandatory
- Every public API endpoint
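The window-boundary burst described under "Why Rate Limiting Matters", as an added example (not code from the original article): a fixed-window counter and a sliding-window log run over the same constructed traffic. The sorted timestamp list is an in-memory stand-in for a Redis sorted set so the script runs offline; the class names, the limit of 10 requests per 60 s and the client key are assumptions.

```python
import bisect


class FixedWindowLimiter:
    """One counter per fixed window; the count resets at each boundary."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.counts = {}  # (key, window index) -> requests seen

    def allow(self, key, now):
        bucket = (key, int(now // self.window))
        if self.counts.get(bucket, 0) >= self.limit:
            return False
        self.counts[bucket] = self.counts.get(bucket, 0) + 1
        return True


class SlidingWindowLimiter:
    """Sliding window log. Each key holds a sorted list of timestamps,
    standing in for a Redis sorted set scored by request time."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.log = {}  # key -> sorted request timestamps

    def allow(self, key, now):
        stamps = self.log.setdefault(key, [])
        # Like ZREMRANGEBYSCORE key -inf (now - window): drop expired entries.
        del stamps[:bisect.bisect_right(stamps, now - self.window)]
        # Like ZCARD key: requests still inside the trailing window.
        if len(stamps) >= self.limit:
            return False
        # Like ZADD key <now> <member>: record the accepted request.
        bisect.insort(stamps, now)
        return True


def accepted(limiter, key, times):
    """Count how many requests at the given timestamps are let through."""
    return sum(limiter.allow(key, t) for t in times)


# Constructed traffic: 10 requests just before the 60 s boundary and 10 just
# after it, so 20 requests arrive within about 1.5 seconds.
BURST = [59.0 + i * 0.05 for i in range(10)] + [60.0 + i * 0.05 for i in range(10)]

if __name__ == "__main__":
    print("fixed window accepted:  ", accepted(FixedWindowLimiter(10, 60), "client-a", BURST))
    print("sliding window accepted:", accepted(SlidingWindowLimiter(10, 60), "client-a", BURST))
```

Against a real Redis the trim, count and add steps have to run atomically (for example in a Lua script), otherwise concurrent requests can all pass the count check before any of them is recorded.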



