DSA Trainer
← System Design Foundations

System Design · Unit 17

Rate limiting

Your API is humming along, then one client, maybe an abuser, maybe a buggy script stuck in a loop, starts sending thousands of requests a second. That one client can hog your servers, slow everyone else down, or run up costs. You need a way to say "that is too many, slow down."

Rate limiting is that control. It caps how many requests a given client can make in a window of time, say 100 requests per minute. Requests under the limit go through; requests over it are rejected until the client slows down. It protects your system from both malicious abuse and honest mistakes.

This unit covers why you need it, a simple mental model (the token bucket) for how it decides, where the limiter sits in your system, and what you send back when someone hits the cap.

Goal: Explain why systems cap how often a client can call them, the token-bucket intuition for allowing bursts, and where a rate limiter belongs.
Premium unit

The rest of the System Design course is premium

The first two units are free, and this is where the gate sits. Unlocking premium opens this unit and everything else in both courses:

  • This unit: 5 prediction-first lessons, 3 applied drills, and a 5-question graded test
  • All 20 System Design units, caching to CAP & consistency
  • The full DSA course: every unit, guided problem, and drill

Cancel anytime. Not useful within 7 days? Email for a full refund.

Not sure yet? Start with the free units →