HldConceptBeginner · 3 min read

What is Rate Limiter in System Design: Definition and Examples

A rate limiter in system design is a tool that controls how many requests a user or system can make in a given time. It helps prevent overload and abuse by limiting the speed of incoming requests to a service or API.

⚙️

How It Works

Imagine a water tap that only allows a certain amount of water to flow through every minute. A rate limiter works similarly but for requests to a system. It counts how many requests come in and blocks or delays any that go beyond a set limit.

This helps keep the system stable and fair for everyone. For example, if too many people try to use a website at once, the rate limiter stops extra requests so the site doesn’t crash. It can use different methods like fixed windows, sliding windows, or token buckets to track and control the request flow.

💻

Example

This example shows a simple token bucket rate limiter in Python. It allows 5 requests per 10 seconds. If the limit is reached, it denies further requests until tokens refill.

python

import time

class TokenBucket:
    def __init__(self, capacity, refill_time):
        self.capacity = capacity
        self.tokens = capacity
        self.refill_time = refill_time
        self.last_refill = time.time()

    def allow_request(self):
        now = time.time()
        elapsed = now - self.last_refill
        # Refill tokens based on elapsed time
        refill_tokens = (elapsed / self.refill_time) * self.capacity
        if refill_tokens >= 1:
            self.tokens = min(self.capacity, self.tokens + refill_tokens)
            self.last_refill = now

        if self.tokens >= 1:
            self.tokens -= 1
            return True
        else:
            return False

# Usage
limiter = TokenBucket(5, 10)  # 5 requests per 10 seconds

for i in range(7):
    if limiter.allow_request():
        print(f"Request {i+1}: Allowed")
    else:
        print(f"Request {i+1}: Denied")
    time.sleep(1)

Output

Request 1: Allowed Request 2: Allowed Request 3: Allowed Request 4: Allowed Request 5: Allowed Request 6: Denied Request 7: Denied

🎯

When to Use

Use a rate limiter when you want to protect your system from too many requests that can cause slowdowns or crashes. It is common in APIs, login pages, and payment systems to prevent abuse like spamming or brute force attacks.

For example, a social media app might limit how many posts a user can make per minute to keep the platform stable and fair. Another case is limiting login attempts to stop hackers from guessing passwords.

✅

Key Points

A rate limiter controls the number of requests allowed in a time window.
It protects systems from overload and abuse.
Common algorithms include token bucket, fixed window, and sliding window.
Used in APIs, login systems, and any service needing fair usage.

✅

Key Takeaways

A rate limiter prevents too many requests from overwhelming a system.

It works by allowing only a set number of requests in a given time frame.

Common use cases include APIs, login attempts, and preventing spam.

Token bucket is a popular algorithm to implement rate limiting.

Rate limiting helps maintain system stability and fair resource use.