Pattern 37 / EDGE

Rate Limiting

Use this when protecting services from abusive or accidental request floods.

Pressure
Protecting services from abusive or accidental request floods
Mechanism
Track request counts/tokens per identity and reject or slow requests past a limit
Toll
Legitimate bursts can be throttled if limits are too blunt
Architecture plate 37
[Diagram: Rate Limiting]
Executive brief

Rate Limiting fits when protecting services from abusive or accidental request floods. Mechanism: track request counts/tokens per identity and reject or slow requests past a limit. Use it for public APIs, login endpoints, expensive queries, and multi-tenant systems. The toll: legitimate bursts can be throttled if limits are too blunt.

Use when

Public APIs, login endpoints, expensive queries, and multi-tenant systems.

Example

Token bucket allows short bursts but caps sustained traffic.
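
The token bucket above as a per-identity limiter, written as an added example that is not part of the original pattern card. The class names, the capacity of 5, the refill rate of 1 token per second and the "client-a" identity are assumptions chosen for illustration.

```python
import time


class TokenBucket:
    def __init__(self, capacity, refill_rate, now):
        self.capacity = capacity        # largest burst allowed, in requests
        self.refill_rate = refill_rate  # sustained limit, in requests per second
        self.tokens = capacity          # start full so an initial burst passes
        self.updated = now

    def take(self, now, cost=1.0):
        # Credit tokens for the time elapsed, never above capacity.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.updated = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class RateLimiter:
    """One bucket per identity (API key, account or client address)."""

    def __init__(self, capacity, refill_rate, clock=time.monotonic):
        self.capacity, self.refill_rate, self.clock = capacity, refill_rate, clock
        self.buckets = {}

    def check(self, identity, cost=1.0):
        """Return (allowed, retry_after_seconds) for one request."""
        now = self.clock()
        bucket = self.buckets.get(identity)
        if bucket is None:
            bucket = self.buckets[identity] = TokenBucket(self.capacity, self.refill_rate, now)
        if bucket.take(now, cost):
            return True, 0.0
        # Time until enough tokens accrue; usable as an HTTP 429 Retry-After hint.
        return False, (cost - bucket.tokens) / self.refill_rate


def simulate(requests_per_second, seconds, capacity=5, refill_rate=1.0):
    """Constructed traffic from one identity on a fake clock; returns requests allowed."""
    t = [0.0]
    limiter = RateLimiter(capacity, refill_rate, clock=lambda: t[0])
    allowed = 0
    for i in range(int(requests_per_second * seconds)):
        t[0] = i / requests_per_second
        allowed += limiter.check("client-a")[0]
    return allowed
```

A long-running service also needs to evict idle identities from the bucket map, otherwise it grows with every new key seen. Passing a higher cost for expensive queries lets one limiter weight requests differently.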

Review framing

Describe the pressure first, then the mechanism, then the cost. That keeps the design grounded.

Same pressure family

API Design Patterns

35 API Gateway
36 Backend for Frontend (BFF)
38 Pagination (Cursor-Based)
39 API Versioning