API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
Protect your API from abuse and overload.
Protect against:
├── Brute force attacks
├── Resource exhaustion
├── Cost overruns (if pay-per-use)
└── Unfair usage

| Type | How | When |
|---|---|---|
| Token bucket | Burst allowed, refills over time | Most APIs |
| Sliding window | Smooth distribution | Strict limits |
| Fixed window | Simple counters per window | Basic needs |
Include in headers:
├── X-RateLimit-Limit (max requests)
├── X-RateLimit-Remaining (requests left)
├── X-RateLimit-Reset (when limit resets)
└── Return 429 Too Many Requests when the limit is exceeded
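A token-bucket limiter that emits the headers listed above and a 429 when a client's bucket is empty, as an added example that is not part of the original page. The class name, the injectable `now` clock (for deterministic testing) and the per-client `Map` are my own assumptions; `X-RateLimit-Reset` is emitted as a Unix timestamp of when the bucket is full again.

```javascript
// Added example: in-memory token bucket per client key (e.g. API key or IP).
// capacity = allowed burst, refillPerSec = sustained rate.
class TokenBucketLimiter {
  constructor({ capacity, refillPerSec, now = () => Date.now() }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now; // assumed injectable clock, returns milliseconds
    this.buckets = new Map(); // clientKey -> { tokens, updatedAt }
  }

  // Add the tokens that accrued since the last check, capped at capacity.
  refill(bucket, t) {
    const elapsedSec = (t - bucket.updatedAt) / 1000;
    bucket.tokens = Math.min(this.capacity, bucket.tokens + elapsedSec * this.refillPerSec);
    bucket.updatedAt = t;
  }

  // Decide one request and return the status plus the headers to attach.
  check(clientKey) {
    const t = this.now();
    let bucket = this.buckets.get(clientKey);
    if (!bucket) {
      bucket = { tokens: this.capacity, updatedAt: t }; // new clients start full
      this.buckets.set(clientKey, bucket);
    }
    this.refill(bucket, t);
    const allowed = bucket.tokens >= 1;
    if (allowed) bucket.tokens -= 1;
    // Seconds until the bucket is full again (reset) and until one token exists (retry).
    const resetSec = Math.ceil((this.capacity - bucket.tokens) / this.refillPerSec);
    const retrySec = Math.ceil(Math.max(0, 1 - bucket.tokens) / this.refillPerSec);
    const headers = {
      'X-RateLimit-Limit': String(this.capacity),
      'X-RateLimit-Remaining': String(Math.floor(bucket.tokens)),
      'X-RateLimit-Reset': String(Math.ceil(t / 1000) + resetSec),
    };
    if (!allowed) headers['Retry-After'] = String(retrySec);
    return { allowed, status: allowed ? 200 : 429, headers };
  }
}

// Replay a burst of n requests from one client at the same instant and
// return the status codes the limiter would produce (constructed scenario).
function simulateBurst(limiter, clientKey, n) {
  return Array.from({ length: n }, () => limiter.check(clientKey).status);
}
```

Under overload the bucket never exceeds `capacity`, so a client that pauses cannot bank unlimited credit; the `Retry-After` value tells well-behaved clients exactly how long to back off.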