Design a API Rate limiter
Credits to Alex Xu and his book System Design
Types of Rate Limiter
- User write no more than 3 posts per minute
- Restrict POST operation from particular IP address
- Restrict GET/POST operation from particular device
Benefits of Rate Limiter
- Prevents resource starvation caused from DDOS attack
- Reduces cost
- Prevent servers being overloaded
Where to put Rate limiter
- CLient Side : Not recommended and unreliable place.
- Server Side : We can put a rate limiter in server side
- Middle-layer : Best is to move API rate limiter out of server side and keep it separate
Algorithms for Rate Limiting
- Token bucket
- Leaking bucket
- Fixed window counter
- Sliding window log
- Sliding window counter
Token bucket (most commonly used)
- Most widely used
- Simple to implement
Image Credits to Alex Xu and his book System Design
Detailed Design
The process is self-explainatory
2 scope of improvements in this architecture
- How to resolve Race condition ?
- Any approach to resolve scynchronization issue ?
Highly recommend to follow Alex Xu in Linkedin and get his book on System Design