Rate limiting algorithms control how many requests a user or client can make in a given period to protect systems from overload or abuse.

In high-traffic systems, uncontrolled request spikes can exhaust resources, cause downtime, or allow brute-force attacks. Rate limiting algorithms ensure fair usage and system stability by throttling excessive requests.

Use rate limiting to prevent abuse, ensure fairness, and maintain system reliability under load.

You need to know

1. Rate Limiting != Quota Management

   1. Rate limiting: Controls how often you can make a request (e.g., 100 requests per minute).

   2. Quotas: Control how much you can consume over a longer period (e.g., 1M requests/month).

2. Analyze when and how users access your system to set realistic limits that won’t degrade user experience.

3. Continuously monitor rate limiting metrics and adjust thresholds as needed to accommodate legitimate usage patterns.​

Popular algorithms

• Token Bucket: Tokens are added at a fixed rate; each request needs a token to proceed. Allows short bursts but enforces an average rate.

• Leaky Bucket: Similar to a queue; requests are processed at a constant rate. Excess requests are dropped, smoothing spikes into steady flows.

• Fixed Window Counter: Counts requests per user/IP in fixed time blocks (e.g., 100 reqs/min). Simple but allows spikes at boundaries.

• Sliding Window Log: Logs timestamps of each request and checks how many occurred in the last X seconds. Precise but memory-intensive.

• Sliding Window Counter: Combines Fixed Window + averaging to smooth spikes near boundary edges with less memory than full logs.

Like posts like this?

Every week, you'll get a new system design concept, broken down like this one.

Free subscribers also get a little bonus:

🎁 The System Design Interview Preparation Cheat Sheet

If you're into visuals, paid subscribers unlock:

→ My Excalidraw system design template – so you have somewhere to start
→ My Excalidraw component library – used in the diagram of this issue

No pressure though. Your support helps me keep writing, and I appreciate it more than you know ❤️