easy
~4 hours5 stagespython
Rate Limiter
The primitive sitting between every public API and the queue of clients that will retry-storm it the moment it twitches. Five stages from a single-process token bucket to a pluggable Limiter with a distributed-counter backend, burst budget, Retry-After math, and the three flavors of client-side jitter that prevent the next thundering-herd.
fork the python starterkarnstack/byox-rate-limiter-python
use this templategh repo create my-rate-limiter-python --template karnstack/byox-rate-limiter-python --private --clonepick private to keep work to yourself, or public for unlimited actions minutes. verification works on both.
checkinggithub link status
your progresspython
0/5verified
no verifications yet. fork the starter, push to main, watch stages light up here.
stages
tests run on every push to main- stage 01Token bucketfree45m
- stage 02Sliding-window counter55m
- stage 03Pluggable counter backend50m
- stage 04Burst budget and Retry-After50m
- stage 05Client jitter strategies45m
references
- A Two Rate Three Color MarkerJuha Heinanen, Roch Guerin (1999) · RFC 2698Canonical IETF framing of the token-bucket two-rate (committed + peak) form used in stage 4.
- HTTP Semantics, section 10.2.3 Retry-AfterRoy T. Fielding, Mark Nottingham, Julian Reschke (2022) · RFC 9110The Retry-After header contract implemented in stage 4.
- Exponential Backoff and JitterMarc Brooker (2015) · AWS Architecture BlogComparison of no-jitter, equal, full, and decorrelated jitter strategies; convergence behavior reproduced in stage 5.
- How we built rate limiting capable of scaling to millions of domainsJulien Desgats (2017) · Cloudflare BlogSliding-window counter design used in stage 2 and rationale for not shipping a pure sliding-window log.
- Scaling your API with rate limitersPaul Tarjan (2017) · Stripe Engineering BlogProduction framing of token-bucket plus sliding-window in series, per-account dimensions, the load-shedding case.
- Stripe APIToken-bucket plus sliding-window hybrid. Per-user and per-account dimensions. Returns Retry-After on 429.
- GitHub REST API5000 requests/hour authenticated, 60/hour unauthenticated. Sliding-window counter. Returns X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.
- Cloudflare Rate LimitingPer-zone rules at the edge. Sliding-window counter. Scales to millions of domains.
- AWS API GatewayToken-bucket per stage and per-method with separate account-level burst and steady-state rates.
- Discord APIPer-route bucket plus a global limit. Documented via X-RateLimit-Bucket, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Reset-After headers.