Architecture Intermediate
Throttling a Rate Limiting¶
ThrottlingRate LimitingAPI 3 min read
Implementace rate limitingu pro ochranu API. Token bucket, sliding window a HTTP hlavičky.
Algoritmy¶
Token Bucket: Tokeny se doplňují konstantní rychlostí. Sliding Window: Počítá requesty v klouzavém okně.
// Redis sliding window rate limiter
async function rateLimit(clientId, limit = 100, windowSec = 60) {
const key = \`rl:\${clientId}\`;
const now = Date.now();
const pipe = redis.pipeline();
pipe.zremrangebyscore(key, 0, now - windowSec * 1000);
pipe.zadd(key, now, \`\${now}-\${Math.random()}\`);
pipe.zcard(key);
pipe.expire(key, windowSec);
const results = await pipe.exec();
const count = results[2][1];
return { allowed: count <= limit, remaining: Math.max(0, limit - count) };
}
HTTP hlavičky¶
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1708900000
Retry-After: 30 # při 429
Summary¶
Rate limiting is a necessity pro každé veřejné API. Informujte klienty via HTTP hlavičky.
Need Help with Implementation?¶
Our team has experience designing and implementing modern architectures. We’re happy to help.