Rate Limiting Your API: Token Bucket, Sliding Window, and Redis

Rate Limiting Your API: Token Bucket, Sliding Window, and Redis One abusive client sends 10,000 requests per second. Your database melts. Every other user gets 503s. Rate limiting is not optional. Fixed Window Count requests per time window (e.g., 100 per minute). Simple but has the boundary problem: 100 requests at 0:59 + 100 at 1:00 = 200 in 2 seconds. Sliding Window Log Store timestamp of every request. Count entries within the window. Accurate but memory-hungry. Token Bucket (Best for APIs) Tokens refill at a steady rate. Each request consumes a token. When empty, reject. Allows short bursts while enforcing average rate. class TokenBucket { private tokens : number ; private lastRefill : number ; constructor ( private capacity : number , private refillRate : number ) { this . tokens = capacity ; this . lastRefill = Date . now (); } consume (): boolean { this . refill (); if ( this . tokens < 1 ) return false ; this . tokens -- ; return true ; } private refill () { const now = Date .