What is Rate limiting with sliding window in Redis?

Redisquery~7 mins

Rate limiting with sliding window in Redis

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Rate limiting helps control how often a user can do something, like sending messages or making requests. The sliding window method lets us count actions in a moving time frame, so limits are fair and smooth.

To limit how many times a user can send a message in the last minute.

To control API calls so a user doesn't overload the server in a short time.

To prevent too many login attempts within a few minutes to stop attacks.

To manage how often a user can post comments on a website in the last hour.

Syntax

Redis

redis-cli

// Use a sorted set to store timestamps of actions
// Key: user ID or action identifier
// Command to add current timestamp:
ZADD key current_timestamp current_timestamp

// Remove timestamps older than window size (e.g., 60 seconds):
ZREMRANGEBYSCORE key 0 (current_timestamp - window_size)

// Count actions in the window:
ZCARD key

// Check if count exceeds limit
// If not, allow action; else, deny

Sorted sets store timestamps as both score and member for easy range queries.

Use current time in seconds or milliseconds depending on precision needed.

Examples

Add a timestamp, remove entries older than 60 seconds ago, then count current actions.

Redis

ZADD user:123 1687000000 1687000000
ZREMRANGEBYSCORE user:123 0 1686999940
ZCARD user:123

Sliding window moves forward; old timestamps are removed to keep count accurate.

Redis

ZADD user:123 1687000050 1687000050
ZREMRANGEBYSCORE user:123 0 1686999990
ZCARD user:123

Check current count before allowing new action.

Redis

ZCARD user:123
// If result < limit, allow action
// Else, deny

Sample Program

This example shows adding timestamps for user:42, cleaning old entries outside the 60-second window, and counting actions to enforce rate limit.

Redis

127.0.0.1:6379> ZADD user:42 1687000100 1687000100
(integer) 1
127.0.0.1:6379> ZADD user:42 1687000120 1687000120
(integer) 1
127.0.0.1:6379> ZREMRANGEBYSCORE user:42 0 1687000040
(integer) 0
127.0.0.1:6379> ZCARD user:42
(integer) 2

// Now add a new action at timestamp 1687000150
127.0.0.1:6379> ZADD user:42 1687000150 1687000150
(integer) 1
// Remove timestamps older than 60 seconds from 1687000150 (i.e., before 1687000090)
127.0.0.1:6379> ZREMRANGEBYSCORE user:42 0 1687000090
(integer) 1
// Count current actions
127.0.0.1:6379> ZCARD user:42
(integer) 2

OutputSuccess

Important Notes

Time complexity for ZADD, ZREMRANGEBYSCORE, and ZCARD is O(log(N)) where N is the number of elements in the sorted set.

Space complexity depends on how many timestamps are stored per user; old timestamps are removed to save space.

Common mistake: forgetting to remove old timestamps, which causes the count to grow and limits to be inaccurate.

Use sliding window rate limiting when you want smooth limits over time, unlike fixed windows that reset abruptly.

Summary

Sliding window rate limiting counts actions in a moving time frame for fairness.

Redis sorted sets store timestamps and allow efficient adding, removing, and counting.

Always remove old timestamps to keep counts accurate and storage small.