⏱️ What is a rate limiter?
⌛ A rate limiter allows you to control the rate of incoming requests sent by a client or a service. You don't want your service to be overwhelmed by someone spamming LOL 🤣 😂 500 times in a row, attackers guessing your password too many times, or someone DoSing your servers with 2 billion requests per second.
💵 Rate limiters are commonly seen in real-world business services where companies use third-party APIs. A rate limiter reduces business costs by limiting requests to these services. Rate limiters act like a gatekeeper that filters out malicious bot activity and individual user spikes, keeping resources available for legitimate traffic.
Basic Explanation
💡 Key Understanding: Ultimately, businesses deploy rate limiters to maintain system stability and prevent servers from being overloaded.
👨‍💻 Generally, you can implement a rate limiter on either the client side or the server side. While you CAN implement a client-side rate limiter, it's usually not recommended.
🧌 This is because companies may not have control over the client implementation, and many requests can be faked by malicious actors using your applications.
Alternative: Rate Limiter Middleware
🌉 There is another alternative to client and server-side rate limiters. You can create a rate limiter middleware, which throttles requests to your API. Think of this as a gate that the requests must pass through each time. If there are too many people at the gate at any given time, it will either stop letting people through completely or slow the rate at which they enter.
🌉 🏢 Usually, the two main implementations in real-world businesses are middleware and server-side rate limiters.
Common and Good-to-Know Rate Limiting Algorithms
🗑️ There are a few ways in which we can slow/limit/stop the flow of requests. These are called rate-limiting algorithms. Here are a few common techniques:
- Token bucket
- Leaking bucket
- Fixed window counter
- Sliding window log
- Sliding window counter
🔎 To learn these, I encourage further research into the details to understand how they are built and installed into middleware or server-side rate limiters.
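To make the gate idea concrete, here is token bucket, the first algorithm in the list above, written as a per-client gate in front of a request handler. This is an added example, not code from the original post: the class and function names, the limits (a burst of 5, then 1 request every 2 seconds) and the client address are all assumptions chosen for illustration.

```python
import math
import time
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float    # tokens currently available to this client
    updated: float   # clock reading when `tokens` was last recomputed


class TokenBucketLimiter:
    """Each request spends one token; tokens refill continuously at
    `rate` per second, never exceeding `capacity`."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity = float(capacity)  # largest burst a client may send
        self.rate = float(rate)          # sustained requests per second
        self.clock = clock               # injectable, so tests need no sleep
        self.buckets = {}                # client key -> Bucket

    def allow(self, client):
        """Return (allowed, seconds_until_next_token) for one request."""
        now = self.clock()
        b = self.buckets.setdefault(client, Bucket(self.capacity, now))
        # Refill for the time elapsed since this client's last request.
        b.tokens = min(self.capacity, b.tokens + (now - b.updated) * self.rate)
        b.updated = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True, 0.0
        return False, (1.0 - b.tokens) / self.rate


def gate(limiter, client, handler):
    """Middleware-style wrapper: run `handler` only while the client is
    under its limit; otherwise answer 429 with a Retry-After hint."""
    allowed, wait = limiter.allow(client)
    if not allowed:
        return 429, {"Retry-After": str(math.ceil(wait))}, "Too Many Requests"
    return 200, {}, handler()


if __name__ == "__main__":
    # Constructed scenario: seven rapid login attempts from one client.
    limiter = TokenBucketLimiter(capacity=5, rate=0.5)
    for attempt in range(1, 8):
        status, headers, _ = gate(limiter, "203.0.113.7", lambda: "login checked")
        print(attempt, status, headers)
```

The buckets here live in one process and are never evicted, so a deployment with several servers would need a shared store and an expiry policy for idle clients.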
Conclusion
😁 This is a basic overview of what a rate limiter is, and it's a good starting point. It's important to understand the pros and cons of each rate-limiting algorithm to identify which ones will work best with your current business needs. Then, learn common questions asked about this concept and how to structure your answers.
⚖️ If you want to explore further System Design Basic Guides I've created, I recommend the load balancer concept next.
It is very similar and helps you understand the information flow. Check it out here: Load Balancer Guide
Summary
Thank you for reading my blog post!
To continue learning the fundamentals of System Design, the next important fundamental to learn is understanding...
Make sure to check out the additional blogs here for materials to help you throughout your learning journeys!

