A highly scalable, fault-tolerant Rate Limiting API Gateway built with Spring Boot, Redis, and Docker.
This standalone microservice prevents API abuse by enforcing request limits using a distributed Sliding Window algorithm. It is designed with enterprise-grade fault tolerance, ensuring that even if the central database crashes, the API remains available.
Live Demo: https://distributed-rate-limiter-a7yn.onrender.com
This system wasn't just built to limit requests; it was built to survive chaos.
- Atomic Operations (Lua Scripting): The core Sliding Window algorithm is executed entirely within Redis using custom Lua scripts. This eliminates network round-trip latency and prevents race conditions during high-concurrency spikes.
- Distributed State: By using Redis as the central "brain," this rate limiter can be deployed across multiple server instances (e.g., behind a load balancer) while maintaining perfectly synchronized request counts.
- Fault Tolerance (Degraded Mode): Integrated Resilience4j Circuit Breaker. If the Redis cluster goes offline, the system instantly "fails open" and gracefully degrades to tracking limits using local, in-memory
ConcurrentHashMapcounters. The API stays alive, and users experience zero downtime. - Containerized Environment: Fully dockerized with a multi-stage
Dockerfileand orchestrated viadocker-composefor seamless local testing and cloud deployment.
- Framework: Java 24, Spring Boot 4.0.6
- Database: Redis (Upstash Serverless Redis for production)
- Resiliency: Resilience4j (Circuit Breaker)
- DevOps: Docker, Docker Compose
- Cloud Hosting: Render
The Interceptor automatically guards different routes based on different defined rules.
GET /api/data
Limit: 5 requests per 10 seconds.
GET /api/login
Limit: 3 requests per 60 seconds.
HTTP/1.1 200 OK
X-RateLimit-Limit: 5