System Design

Rate Limiting

6 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • A third-party partner integrates with our API and occasionally hammers it with bursts that degrade service for everyone else. We don't own their client. How would you protect the API? Mid level
  • You're running an API across three regions and need a global rate limit per API key, but a synchronous check against one central counter would add cross-region latency to every request. How do you enforce the limit accurately enough without that latency?Go Pro Senior level
  • Your rate limiter works fine in one region, but now the API runs active-active across several regions and the limit has to be enforced globally. How do you keep a single client from getting N times their limit by spreading requests across regions, without putting a cross-region hop on every request?Go Pro Staff-principal level
  • Design a rate limiter that can be used as middleware in a distributed API gateway. Support per-user and per-IP limits.Go Pro Senior level
  • Design the rate limiter that protects a public API. Walk me through which algorithm you'd pick, where the limiter runs, and how you keep the counters accurate when the API is served by a fleet of stateless instances.Go Pro Staff-principal level
  • How would you design a distributed rate limiter that caps each API client to N requests per minute across a fleet of servers?Go Pro Mid level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.