Bird
Raised Fist0
Rest APIprogramming~5 mins

Token bucket algorithm in Rest API

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

The token bucket algorithm helps control how many requests a user can make to a server in a certain time. It stops too many requests from overloading the system.

To limit how many API calls a user can make per minute.
To prevent a website from slowing down due to too many visitors at once.
To control data flow in a network so it stays smooth and steady.
To allow short bursts of activity but keep the overall rate steady.
Syntax
Rest API
import time

class TokenBucket:
    def __init__(self, capacity, refill_rate):
        self.capacity = capacity
        self.tokens = capacity
        self.refill_rate = refill_rate  # tokens per second
        self.last_refill_timestamp = time.time()

    def allow_request(self, tokens=1):
        now = time.time()
        elapsed = now - self.last_refill_timestamp
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last_refill_timestamp = now

        if self.tokens >= tokens:
            self.tokens -= tokens
            return True
        else:
            return False

The capacity is the max tokens the bucket can hold.

The refill_rate controls how fast tokens are added back.

Examples
This example creates a bucket that holds 5 tokens and refills 1 token per second. It checks if a request can be allowed.
Rest API
bucket = TokenBucket(capacity=5, refill_rate=1)
if bucket.allow_request():
    print("Request allowed")
else:
    print("Request denied")
This tries 12 requests quickly. Only the first 10 will be allowed because of the capacity.
Rest API
bucket = TokenBucket(capacity=10, refill_rate=2)
for _ in range(12):
    if bucket.allow_request():
        print("Allowed")
    else:
        print("Denied")
Sample Program

This program creates a token bucket with 3 tokens max and refills 1 token per second. It tries 5 requests, waiting half a second between each. You will see some requests denied because tokens run out.

Rest API
import time

class TokenBucket:
    def __init__(self, capacity, refill_rate):
        self.capacity = capacity
        self.tokens = capacity
        self.refill_rate = refill_rate  # tokens per second
        self.last_refill_timestamp = time.time()

    def allow_request(self, tokens=1):
        now = time.time()
        elapsed = now - self.last_refill_timestamp
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last_refill_timestamp = now

        if self.tokens >= tokens:
            self.tokens -= tokens
            return True
        else:
            return False

bucket = TokenBucket(capacity=3, refill_rate=1)

for i in range(5):
    if bucket.allow_request():
        print(f"Request {i+1}: Allowed")
    else:
        print(f"Request {i+1}: Denied")
    time.sleep(0.5)
OutputSuccess
Important Notes

Tokens refill over time, so waiting lets more requests pass.

Requests use tokens; if none left, requests are denied.

You can adjust capacity and refill rate to control traffic.

Summary

The token bucket algorithm controls request rates by using tokens.

Tokens refill steadily, allowing bursts but limiting overall rate.

This helps keep servers safe from too many requests at once.

Practice

(1/5)
1.

What is the main purpose of the token bucket algorithm in REST APIs?

easy
A. To encrypt API responses
B. To store user data securely
C. To control the rate of incoming requests by using tokens
D. To manage database connections

Solution

  1. Step 1: Understand the token bucket algorithm concept

    The token bucket algorithm limits how many requests can be processed by controlling tokens that refill over time.

  2. Step 2: Identify the purpose in REST APIs

    It helps prevent too many requests at once, protecting the server from overload.

  3. Final Answer:

    To control the rate of incoming requests by using tokens -> Option C

  4. Quick Check:

    Token bucket controls request rate = C [OK]
Hint: Token bucket limits request rate using tokens [OK]
Common Mistakes:
  • Confusing token bucket with data storage
  • Thinking it encrypts data
  • Assuming it manages database connections
2.

Which of the following is the correct way to represent a token bucket refill rate in pseudocode?

1. refill_rate = tokens_per_second
2. refill_rate = seconds_per_token
3. refill_rate = max_tokens * time
4. refill_rate = tokens / max_tokens
easy
A. refill_rate = seconds_per_token
B. refill_rate = tokens_per_second
C. refill_rate = max_tokens * time
D. refill_rate = tokens / max_tokens

Solution

  1. Step 1: Understand refill rate meaning

    The refill rate is how many tokens are added per second to the bucket.

  2. Step 2: Match with options

    refill_rate = tokens_per_second correctly shows tokens added per second, which is the refill rate.

  3. Final Answer:

    refill_rate = tokens_per_second -> Option B

  4. Quick Check:

    Refill rate = tokens per second [OK]
Hint: Refill rate means tokens added each second [OK]
Common Mistakes:
  • Confusing refill rate with time per token
  • Multiplying max tokens by time incorrectly
  • Using ratios instead of rates
3.

Given a token bucket with max_tokens = 5, refill_rate = 1 token/second, and an empty bucket at time 0, what is the number of tokens available at time 3 seconds?

medium
A. 3 tokens
B. 5 tokens
C. 0 tokens
D. 1 token

Solution

  1. Step 1: Calculate tokens refilled after 3 seconds

    Since refill rate is 1 token per second, after 3 seconds, 3 tokens are added.

  2. Step 2: Check max tokens limit

    The bucket max is 5 tokens, so 3 tokens fit without exceeding the max.

  3. Final Answer:

    3 tokens -> Option A

  4. Quick Check:

    3 seconds * 1 token/sec = 3 tokens [OK]
Hint: Multiply seconds by refill rate, cap at max tokens [OK]
Common Mistakes:
  • Assuming bucket fills instantly to max
  • Ignoring max token limit
  • Using refill rate incorrectly
4.

Consider this pseudocode snippet for token bucket check:
if tokens <= 0:
  reject_request()
else:
  tokens -= 1
  allow_request()
What is the bug in this logic?

medium
A. It should check if tokens > 0 before allowing
B. It should increase tokens instead of decreasing
C. It should reject when tokens > 0
D. It should check if tokens < 1, not <= 0

Solution

  1. Step 1: Recall proper token bucket logic

    To consume 1 token, check if tokens >= 1 before decrementing (equivalent to reject if tokens < 1).

  2. Step 2: Identify the bug

    The code rejects only if tokens <= 0. For fractional tokens (common in real implementations), if 0 < tokens < 1, it allows the request, decrementing to negative, which is incorrect.

  3. Final Answer:

    It should check if tokens < 1, not <= 0 -> Option D

  4. Quick Check:

    Reject if tokens < 1 [OK]
Hint: Allow only if tokens >= 1 [OK]
Common Mistakes:
  • Using <= 0 instead of < 1 causes off-by-one errors
  • Increasing tokens on request instead of decreasing
  • Rejecting requests when tokens are available
5.

You want to implement a token bucket that allows bursts of up to 10 requests and refills tokens at 2 tokens per second. If a client sends 15 requests instantly after being idle for 3 seconds, how many requests will be allowed immediately?

hard
A. 6 requests
B. 5 requests
C. 15 requests
D. 10 requests

Solution

  1. Step 1: Calculate tokens available after 3 seconds idle

    Refill rate is 2 tokens/second, so after 3 seconds: 2 * 3 = 6 tokens. Max tokens allowed is 10, so bucket fills to 6 tokens.

  2. Step 2: Consider burst capacity

    Since the bucket max is 10, if it was full before idle, it would have 10 tokens. But starting empty, after 3 seconds it has 6 tokens.

  3. Step 3: Determine allowed requests

    The client sends 15 requests instantly, but only 6 tokens are available, so only 6 requests allowed immediately.

  4. Final Answer:

    6 requests -> Option A

  5. Quick Check:

    3 sec * 2 tokens/sec = 6 tokens available [OK]
Hint: Tokens = min(max_tokens, refill_rate * idle_time) [OK]
Common Mistakes:
  • Assuming bucket always full at max tokens
  • Allowing more requests than tokens available
  • Ignoring refill rate and idle time