[System design] Rate Limiter

LiveRunGrow
9 min readAug 11, 2024
Photo by Johnny Brown on Unsplash

Read full article for free here: https://liverungrow.medium.com/system-design-rate-limiter-0bfa79f9547c?sk=10173567559499b0b5028119bae7d735

Requirements

Functional requirements:

  • Is it client side or server side? Will it be a service that is placed between client request and backend services?
    - On the client side: This strategy is not safe because it can easily be tampered with by malicious activity. Moreover, the configuration on the client side is also difficult to apply in this approach.
    - On the server side: In this approach, a server receives a request that is passed through the rate limiter that resides on the server.
    - As middleware: In this strategy, the rate limiter acts as middleware, throttling requests to API servers.
  • Limit by total requests received per second? Limit by requests made per User? Limit by total request across all users?
    - In the following example, we assume limit request made per user.
  • How much limit to impose? Each service and user client will have it’s own rule.
  • Throw error when limit is exceeded.
  • To make the limit of requests per window configurable?
  • Type of throttling? Hard throttling, Soft throttling ( the number of requests can exceed the predefined limit by a…

--

--

LiveRunGrow

𓆉︎ 𝙳𝚛𝚎𝚊𝚖𝚎𝚛 🪴𝙲𝚛𝚎𝚊𝚝𝚘𝚛 👩‍💻𝚂𝚘𝚏𝚝𝚠𝚊𝚛𝚎 𝚎𝚗𝚐𝚒𝚗𝚎𝚎𝚛 ☻ I write & reflect weekly about software engineering, my life and books. Ŧ๏ɭɭ๏ฬ ๓є!