Problem Statement
Public API endpoints lack rate limiting, allowing abusive clients to degrade service for others. Implement configurable rate limiting middleware with per-endpoint tiers and burst handling.
Technical Bounds
- Algorithm: token bucket with configurable refill rate
- Storage: in-memory with optional Redis backend
- Tiers: free (10 req/min), pro (100 req/min), enterprise (1000 req/min)
- Burst: 2x sustained rate for up to 10 seconds
- Response: 429 with Retry-After header
Steps
- Implement token bucket rate limiter
- Create middleware with per-endpoint tier config
- Add Redis backend for distributed rate limiting
- Write tests for burst, cooldown, and edge cases
Problem Statement
Public API endpoints lack rate limiting, allowing abusive clients to degrade service for others. Implement configurable rate limiting middleware with per-endpoint tiers and burst handling.
Technical Bounds
Steps