api-rate-limiting
aj-geddes/useful-ai-prompts · updated Apr 8, 2026
Protect APIs from abuse and manage traffic using various rate limiting algorithms with per-user, per-IP, and per-endpoint strategies.
API Rate Limiting
Table of Contents
Overview
Protect APIs from abuse and manage traffic using various rate limiting algorithms with per-user, per-IP, and per-endpoint strategies.
When to Use
- Protecting APIs from brute force attacks
- Managing traffic spikes
- Implementing tiered service plans
- Preventing DoS attacks
- Fairness in resource allocation
- Enforcing quotas and usage limits
Quick Start
Minimal working example:
```javascript
// Token Bucket Rate Limiter
class TokenBucket {
  constructor(capacity, refillRate) {
    this.capacity = capacity; // maximum burst size
    this.tokens = capacity; // bucket starts full
    this.refillRate = refillRate; // tokens per second
    this.lastRefillTime = Date.now();
  }

  // Add tokens for the time elapsed since the last refill, capped at capacity
  refill() {
    const now = Date.now();
    const timePassed = (now - this.lastRefillTime) / 1000;
    const tokensToAdd = timePassed * this.refillRate;
    this.tokens = Math.min(this.capacity, this.tokens + tokensToAdd);
    this.lastRefillTime = now;
  }

  // Take tokens if enough are available; returns whether the request is allowed
  consume(tokens = 1) {
    this.refill();
    if (this.tokens >= tokens) {
      this.tokens -= tokens;
      return true;
    }
    return false;
  }
}
// See the reference guides for the full implementation
```
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Token Bucket Algorithm | Token Bucket Algorithm |
| Sliding Window Algorithm | Sliding Window Algorithm |
| Redis-Based Rate Limiting | Redis-Based Rate Limiting |
| Tiered Rate Limiting | Tiered Rate Limiting |
| Python Rate Limiting (Flask) | Python Rate Limiting (Flask) |
| Response Headers | Response Headers |
Best Practices
✅ DO
- Include rate limit headers in responses
- Use Redis for distributed rate limiting
- Implement tiered limits for different user plans
- Set appropriate window sizes and limits
- Monitor rate limit metrics
- Provide clear retry guidance
- Document rate limits in API docs
- Test under high load
❌ DON'T
- Use in-memory storage in production
- Set limits too restrictively
- Forget to include Retry-After header
- Ignore distributed scenarios
- Make rate limits public (security)
- Use simple counters for distributed systems
- Forget cleanup of old data
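The sketch below ties several of these practices together: a token bucket keyed per user or per IP and per endpoint, a 429 decision that carries retry guidance, and a sweep that removes idle buckets. It is an added example, not code from the skill or its reference guides. `KeyedRateLimiter`, `limiterKey`, the key format and the `X-RateLimit-*` header names (a common convention) are assumptions, and the in-memory `Map` is for single-process illustration only.

```javascript
// Added example: keyed token bucket with response headers and idle cleanup.
// The Map is per-process state; a shared store is needed across instances.
function limiterKey({ userId, ip, route }) {
  // Prefer the authenticated identity, fall back to client IP, scope per endpoint.
  const who = userId ? `user:${userId}` : `ip:${ip}`;
  return `${who}|${route}`;
}

class KeyedRateLimiter {
  constructor({ capacity, refillRate, idleMs = 60000, now = Date.now }) {
    this.capacity = capacity;     // burst size per key
    this.refillRate = refillRate; // tokens per second
    this.idleMs = idleMs;         // keep >= capacity / refillRate seconds, so a
                                  // swept bucket would have been full anyway
    this.now = now;               // injectable clock (milliseconds)
    this.buckets = new Map();     // key -> { tokens, last }
  }

  check(key, cost = 1) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: this.capacity, last: t };
      this.buckets.set(key, b);
    }
    const elapsed = Math.max(0, t - b.last) / 1000; // ignore backwards clock jumps
    b.tokens = Math.min(this.capacity, b.tokens + elapsed * this.refillRate);
    b.last = t;
    const allowed = b.tokens >= cost;
    if (allowed) b.tokens -= cost;
    const headers = {
      'X-RateLimit-Limit': String(this.capacity),
      'X-RateLimit-Remaining': String(Math.floor(b.tokens)),
    };
    // Seconds until enough tokens have refilled to cover this request.
    if (!allowed) headers['Retry-After'] = String(Math.ceil((cost - b.tokens) / this.refillRate));
    return { allowed, status: allowed ? 200 : 429, headers };
  }

  sweep() { // call periodically; returns the number of idle buckets removed
    const t = this.now();
    let removed = 0;
    for (const [key, b] of this.buckets) {
      if (t - b.last >= this.idleMs) { this.buckets.delete(key); removed++; }
    }
    return removed;
  }
}
```
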
Ratings
4.5 ★★★★★ 34 reviews
- ★★★★★ Shikha Mishra · Dec 24, 2024
Useful defaults in api-rate-limiting — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★ Ganesh Mohane · Dec 20, 2024
api-rate-limiting fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★ Noor Lopez · Dec 12, 2024
I recommend api-rate-limiting for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★ Aisha Smith · Dec 8, 2024
We added api-rate-limiting from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★ Arjun Huang · Dec 4, 2024
Useful defaults in api-rate-limiting — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★ Kiara Wang · Nov 23, 2024
api-rate-limiting has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Yash Thakker · Nov 15, 2024
api-rate-limiting has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Sophia Taylor · Nov 3, 2024
Solid pick for teams standardizing on skills: api-rate-limiting is focused, and the summary matches what you get after install.
- ★★★★★ Noor Bansal · Oct 22, 2024
api-rate-limiting has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Arya Bhatia · Oct 14, 2024
Solid pick for teams standardizing on skills: api-rate-limiting is focused, and the summary matches what you get after install.