[System design] Rate Limiter

LiveRunGrow

·

Follow

9 min read

·

Aug 11, 2024

--

Share

Read full article for free here: https://liverungrow.medium.com/system-design-rate-limiter-0bfa79f9547c?sk=10173567559499b0b5028119bae7d735

Requirements

Functional requirements:

• Is it client side or server side? Will it be a service that is placed between client request and backend services?
  - On the client side: This strategy is not safe because it can easily be tampered with by malicious activity. Moreover, the configuration on the client side is also difficult to apply in this approach.
  - On the server side: In this approach, a server receives a request that is passed through the rate limiter that resides on the server.
  - As middleware: In this strategy, the rate limiter acts as middleware, throttling requests to API servers.
• Limit by total requests received per second? Limit by requests made per User? Limit by total request across all users?
  - In the following example, we assume limit request made per user.
• How much limit to impose? Each service and user client will have it’s own rule.
• Throw error when limit is exceeded.
• To make the limit of requests per window configurable?
• Type of throttling? Hard throttling, Soft throttling ( the number of requests can exceed the predefined limit by a…