A rate limit is a restriction on how many requests a client (identified by API key, account, or source IP) can make to a system within a defined time window. Rate limits protect systems from abuse, prevent overload, and ensure fair usage of shared resources. Rate limiting is typically enforced at the API gateway, load balancer, or application server; when a client exceeds its limit, the service rejects the request with HTTP 429 Too Many Requests, usually with a Retry-After header telling the client how long to wait.
Why it matters
Rate limits preserve system stability and predictable performance. They safeguard APIs from malicious actors (brute-force and scraping traffic), from buggy clients such as scripts stuck in a retry loop, and from legitimate high-volume spikes. They are also used to enforce billing tiers, where higher plans receive higher limits.
Examples
Allowing 1000 requests per hour for an API key, or throttling failed login attempts per account and source address to slow brute-force attacks (keying on IP alone is weak, since many users share an address behind NAT and attackers rotate addresses). Lessons like Rate Limiting explain implementation strategies.
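Both examples above, as an added illustration that is not code from the original page: a per-key token-bucket limiter that turns "1000 requests per hour" into a burst capacity plus a refill rate and answers 429 with a Retry-After header, and a sliding-window throttle on failed logins keyed by username and source IP. The class and function names (TokenBucketLimiter, handle_request, LoginThrottle, FakeClock) are this example's own, not a specific gateway's API, and the clock is injected so the behaviour can be exercised without sleeping.

```python
import math
import threading
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float   # fractional tokens currently available
    last: float     # clock reading at the last refill


class TokenBucketLimiter:
    """Per-key token bucket: bursts up to `capacity`, refills at `refill_per_sec`.

    A "1000 requests per hour" plan is capacity=1000, refill_per_sec=1000/3600.
    """

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        self._buckets: dict[str, _Bucket] = {}
        self._lock = threading.Lock()  # one gateway process may serve many threads

    def try_acquire(self, key: str) -> tuple[bool, int]:
        """Return (allowed, retry_after_seconds); retry_after is 0 when allowed."""
        now = self.clock()
        with self._lock:
            b = self._buckets.get(key)
            if b is None:
                b = self._buckets[key] = _Bucket(tokens=float(self.capacity), last=now)
            # Refill in proportion to elapsed time, never above capacity.
            b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.refill)
            b.last = now
            if b.tokens >= 1:
                b.tokens -= 1
                return True, 0
            # Whole seconds until one full token exists, for the Retry-After header.
            return False, max(1, math.ceil((1 - b.tokens) / self.refill))


def handle_request(limiter: TokenBucketLimiter, api_key: str) -> tuple[int, dict]:
    """Hypothetical gateway hook: enforce the limit before any real work is done."""
    allowed, retry_after = limiter.try_acquire(api_key)
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    return 200, {}


class LoginThrottle:
    """Sliding-window count of failed logins per (username, source IP).

    After `max_failures` failures within `window_sec`, further attempts for that
    pair are refused until old failures age out; a successful login clears them.
    """

    def __init__(self, max_failures: int = 5, window_sec: int = 300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_sec = window_sec
        self.clock = clock
        self._failures: dict[tuple[str, str], list[float]] = {}

    def allowed(self, username: str, ip: str) -> bool:
        now = self.clock()
        key = (username, ip)
        recent = [t for t in self._failures.get(key, []) if now - t < self.window_sec]
        self._failures[key] = recent  # drop failures that fell outside the window
        return len(recent) < self.max_failures

    def record_failure(self, username: str, ip: str) -> None:
        self._failures.setdefault((username, ip), []).append(self.clock())

    def record_success(self, username: str, ip: str) -> None:
        self._failures.pop((username, ip), None)


class FakeClock:
    """Constructed clock for the demo: time only advances when `t` is assigned."""

    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t


def demo() -> dict:
    """Drive both limiters with the fake clock and return the observed decisions."""
    clock = FakeClock()
    api = TokenBucketLimiter(capacity=3, refill_per_sec=1.0, clock=clock)
    statuses = [handle_request(api, "key-A")[0] for _ in range(4)]  # burst of 4
    other_key = handle_request(api, "key-B")[0]                     # separate bucket
    clock.t = 2.0                                                   # 2 tokens refilled
    after_wait = handle_request(api, "key-A")[0]

    logins = LoginThrottle(max_failures=3, window_sec=60, clock=clock)
    for _ in range(3):
        logins.record_failure("alice", "203.0.113.7")               # constructed sample
    locked = not logins.allowed("alice", "203.0.113.7")
    clock.t = 70.0                                                  # window has expired
    return {"burst": statuses, "other_key": other_key, "after_wait": after_wait,
            "locked": locked, "unlocked_later": logins.allowed("alice", "203.0.113.7")}


if __name__ == "__main__":
    print(demo())
```

The state here lives in one process. Behind a load balancer with several gateway instances, each instance would hand out its own full bucket, so production deployments keep the counters in a shared store (or accept per-instance limits and size them accordingly). The login throttle deliberately keys on both username and IP: per-IP alone lets an attacker spread guesses across addresses, while per-username alone lets an attacker lock a victim out by design.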