System Design
Rate Limiting
6 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- A third-party partner integrates with our API and occasionally hammers it with bursts that degrade service for everyone else. We don't own their client. How would you protect the API?
- You're running an API across three regions and need a global rate limit per API key, but a synchronous check against one central counter would add cross-region latency to every request. How do you enforce the limit accurately enough without that latency?Go Pro
- Your rate limiter works fine in one region, but now the API runs active-active across several regions and the limit has to be enforced globally. How do you keep a single client from getting N times their limit by spreading requests across regions, without putting a cross-region hop on every request?Go Pro
- Design a rate limiter that can be used as middleware in a distributed API gateway. Support per-user and per-IP limits.Go Pro
- Design the rate limiter that protects a public API. Walk me through which algorithm you'd pick, where the limiter runs, and how you keep the counters accurate when the API is served by a fleet of stateless instances.Go Pro
- How would you design a distributed rate limiter that caps each API client to N requests per minute across a fleet of servers?Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.