Bird
Raised Fist0
Rest APIprogramming~3 mins

Why Token bucket algorithm in Rest API? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

What if you could stop overloads smoothly without blocking good users unfairly?

The Scenario

Imagine you run a busy online store and want to limit how many orders a customer can place per minute to avoid overload.

You try to count each order manually and block customers when they exceed the limit.

The Problem

Manually tracking each request is slow and error-prone.

It's hard to keep an accurate count when many customers act at once.

This can cause delays or let some customers overload your system.

The Solution

The token bucket algorithm controls request flow smoothly.

It gives each user tokens at a steady rate, allowing bursts but limiting overall usage.

This keeps your system stable and fair without complex manual checks.

Before vs After
Before
if requests_in_last_minute >= limit:
    reject_request()
After
if token_bucket.consume(1):
    process_request()
else:
    reject_request()
What It Enables

This algorithm enables reliable, fair rate limiting that adapts to traffic bursts without crashing your service.

Real Life Example

APIs use the token bucket algorithm to limit how many calls a user can make per second, preventing abuse while allowing occasional bursts.

Key Takeaways

Manual counting of requests is slow and unreliable.

Token bucket algorithm controls flow by issuing tokens steadily.

This keeps systems stable and fair under heavy use.

Practice

(1/5)
1.

What is the main purpose of the token bucket algorithm in REST APIs?

easy
A. To encrypt API responses
B. To store user data securely
C. To control the rate of incoming requests by using tokens
D. To manage database connections

Solution

  1. Step 1: Understand the token bucket algorithm concept

    The token bucket algorithm limits how many requests can be processed by controlling tokens that refill over time.

  2. Step 2: Identify the purpose in REST APIs

    It helps prevent too many requests at once, protecting the server from overload.

  3. Final Answer:

    To control the rate of incoming requests by using tokens -> Option C

  4. Quick Check:

    Token bucket controls request rate = C [OK]
Hint: Token bucket limits request rate using tokens [OK]
Common Mistakes:
  • Confusing token bucket with data storage
  • Thinking it encrypts data
  • Assuming it manages database connections
2.

Which of the following is the correct way to represent a token bucket refill rate in pseudocode?

1. refill_rate = tokens_per_second
2. refill_rate = seconds_per_token
3. refill_rate = max_tokens * time
4. refill_rate = tokens / max_tokens
easy
A. refill_rate = seconds_per_token
B. refill_rate = tokens_per_second
C. refill_rate = max_tokens * time
D. refill_rate = tokens / max_tokens

Solution

  1. Step 1: Understand refill rate meaning

    The refill rate is how many tokens are added per second to the bucket.

  2. Step 2: Match with options

    refill_rate = tokens_per_second correctly shows tokens added per second, which is the refill rate.

  3. Final Answer:

    refill_rate = tokens_per_second -> Option B

  4. Quick Check:

    Refill rate = tokens per second [OK]
Hint: Refill rate means tokens added each second [OK]
Common Mistakes:
  • Confusing refill rate with time per token
  • Multiplying max tokens by time incorrectly
  • Using ratios instead of rates
3.

Given a token bucket with max_tokens = 5, refill_rate = 1 token/second, and an empty bucket at time 0, what is the number of tokens available at time 3 seconds?

medium
A. 3 tokens
B. 5 tokens
C. 0 tokens
D. 1 token

Solution

  1. Step 1: Calculate tokens refilled after 3 seconds

    Since refill rate is 1 token per second, after 3 seconds, 3 tokens are added.

  2. Step 2: Check max tokens limit

    The bucket max is 5 tokens, so 3 tokens fit without exceeding the max.

  3. Final Answer:

    3 tokens -> Option A

  4. Quick Check:

    3 seconds * 1 token/sec = 3 tokens [OK]
Hint: Multiply seconds by refill rate, cap at max tokens [OK]
Common Mistakes:
  • Assuming bucket fills instantly to max
  • Ignoring max token limit
  • Using refill rate incorrectly
4.

Consider this pseudocode snippet for token bucket check:
if tokens <= 0:
  reject_request()
else:
  tokens -= 1
  allow_request()
What is the bug in this logic?

medium
A. It should check if tokens > 0 before allowing
B. It should increase tokens instead of decreasing
C. It should reject when tokens > 0
D. It should check if tokens < 1, not <= 0

Solution

  1. Step 1: Recall proper token bucket logic

    To consume 1 token, check if tokens >= 1 before decrementing (equivalent to reject if tokens < 1).

  2. Step 2: Identify the bug

    The code rejects only if tokens <= 0. For fractional tokens (common in real implementations), if 0 < tokens < 1, it allows the request, decrementing to negative, which is incorrect.

  3. Final Answer:

    It should check if tokens < 1, not <= 0 -> Option D

  4. Quick Check:

    Reject if tokens < 1 [OK]
Hint: Allow only if tokens >= 1 [OK]
Common Mistakes:
  • Using <= 0 instead of < 1 causes off-by-one errors
  • Increasing tokens on request instead of decreasing
  • Rejecting requests when tokens are available
5.

You want to implement a token bucket that allows bursts of up to 10 requests and refills tokens at 2 tokens per second. If a client sends 15 requests instantly after being idle for 3 seconds, how many requests will be allowed immediately?

hard
A. 6 requests
B. 5 requests
C. 15 requests
D. 10 requests

Solution

  1. Step 1: Calculate tokens available after 3 seconds idle

    Refill rate is 2 tokens/second, so after 3 seconds: 2 * 3 = 6 tokens. Max tokens allowed is 10, so bucket fills to 6 tokens.

  2. Step 2: Consider burst capacity

    Since the bucket max is 10, if it was full before idle, it would have 10 tokens. But starting empty, after 3 seconds it has 6 tokens.

  3. Step 3: Determine allowed requests

    The client sends 15 requests instantly, but only 6 tokens are available, so only 6 requests allowed immediately.

  4. Final Answer:

    6 requests -> Option A

  5. Quick Check:

    3 sec * 2 tokens/sec = 6 tokens available [OK]
Hint: Tokens = min(max_tokens, refill_rate * idle_time) [OK]
Common Mistakes:
  • Assuming bucket always full at max tokens
  • Allowing more requests than tokens available
  • Ignoring refill rate and idle time