rate-limiting-implementation

Implement rate limiting, throttling, API quotas, and backpressure mechanisms to protect services from abuse and ensure fair resource usage. Use when building APIs, preventing DOS attacks, or managing system load.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "rate-limiting-implementation" with this command: npx skills add aj-geddes/useful-ai-prompts/aj-geddes-useful-ai-prompts-rate-limiting-implementation

Rate Limiting Implementation

Table of Contents

Overview

Implement rate limiting and throttling mechanisms to protect your services from abuse, ensure fair resource allocation, and maintain system stability under load.

When to Use

  • Protecting public APIs from abuse
  • Preventing DOS/DDOS attacks
  • Ensuring fair resource usage across users
  • Implementing API quotas and billing tiers
  • Managing system load and backpressure
  • Enforcing SLA limits
  • Controlling third-party API usage
  • Database connection management

Quick Start

Minimal working example:

interface TokenBucketConfig {
  capacity: number;
  refillRate: number; // tokens per second
  refillInterval: number; // milliseconds
}

class TokenBucket {
  private tokens: number;
  private lastRefill: number;
  private readonly capacity: number;
  private readonly refillRate: number;
  private readonly refillInterval: number;
  private refillTimer?: NodeJS.Timeout;

  constructor(config: TokenBucketConfig) {
    this.capacity = config.capacity;
    this.tokens = config.capacity;
    this.refillRate = config.refillRate;
    this.refillInterval = config.refillInterval;
    this.lastRefill = Date.now();

    this.startRefill();
  }

  private startRefill(): void {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

GuideContents
Token Bucket Algorithm (TypeScript)Token Bucket Algorithm (TypeScript)
Redis-Based Distributed Rate LimiterRedis-Based Distributed Rate Limiter
Express MiddlewareExpress Middleware
Sliding Window Algorithm (Python)Sliding Window Algorithm (Python)
Tiered Rate LimitingTiered Rate Limiting
Adaptive Rate LimitingAdaptive Rate Limiting

Best Practices

✅ DO

  • Use distributed rate limiting for multi-server deployments
  • Implement multiple rate limit tiers (per second, minute, hour, day)
  • Return proper HTTP status codes (429 Too Many Requests)
  • Include Retry-After header in responses
  • Log rate limit violations for monitoring
  • Implement graceful degradation
  • Use Redis or similar for persistence
  • Consider cost-based rate limiting (expensive operations cost more)
  • Implement burst allowances for legitimate traffic spikes
  • Provide clear API documentation about limits

❌ DON'T

  • Store rate limit data in application memory for distributed systems
  • Use fixed window counters without considering edge cases
  • Forget to clean up expired data
  • Block all requests from an IP due to one bad actor
  • Set limits too restrictive for legitimate use
  • Ignore the impact of rate limiting on user experience
  • Fail closed (deny all) when rate limiter fails

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

nodejs-express-server

No summary provided by upstream source.

Repository SourceNeeds Review
508-aj-geddes
General

markdown-documentation

No summary provided by upstream source.

Repository SourceNeeds Review
457-aj-geddes
General

rest-api-design

No summary provided by upstream source.

Repository SourceNeeds Review
418-aj-geddes
General

architecture-diagrams

No summary provided by upstream source.

Repository SourceNeeds Review
374-aj-geddes