
api-rate-limiting

Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.

Install with Tessl CLI

npx tessl i github:secondsky/claude-skills --skill api-rate-limiting

Overall score: 89%


API Rate Limiting

Protect APIs from abuse using rate limiting algorithms with per-user and per-endpoint strategies.

Algorithms

Algorithm | Pros | Cons
Token Bucket | Handles bursts, smooth | Memory per user
Sliding Window | Accurate | Memory intensive
Fixed Window | Simple | Boundary spikes

Token Bucket (Node.js)

class TokenBucket {
  constructor(capacity, refillRate) {
    this.capacity = capacity;
    this.tokens = capacity;
    this.refillRate = refillRate; // tokens per second
    this.lastRefill = Date.now();
  }

  consume() {
    this.refill();
    if (this.tokens >= 1) {
      this.tokens--;
      return true;
    }
    return false;
  }

  refill() {
    const now = Date.now();
    const elapsed = (now - this.lastRefill) / 1000;
    this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.refillRate);
    this.lastRefill = now;
  }
}

Express Middleware

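const express = require('express');
const rateLimit = require('express-rate-limit');

const app = express();

// Allow at most 100 requests per client in each 15-minute window
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100,
  standardHeaders: true,
  message: { error: 'Too many requests, try again later' }
});

// Apply the limiter to every route under /api/
app.use('/api/', limiter);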

Response Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1705320000
Retry-After: 60

Tiered Limits

Tier | Requests/Hour
Free | 100
Pro | 1,000
Enterprise | 10,000

Best Practices

  • Use Redis for distributed rate limiting
  • Include proper headers in responses
  • Return 429 status with Retry-After
  • Implement tiered limits for different plans
  • Monitor rate limit metrics
  • Test under load
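
The sliding-window algorithm, tiered limits and response headers described above, combined in one per-user limiter. This is an added example, not code from the skill itself: the class, function and field names are assumptions, `req.user` is assumed to be set by earlier authentication middleware, and the in-memory Map stands in for the Redis store a multi-instance deployment would need.

```javascript
// Added example: sliding-window log limiter using the tier limits from this page.
const TIERS = new Map([['free', 100], ['pro', 1000], ['enterprise', 10000]]); // requests/hour
const WINDOW_MS = 60 * 60 * 1000;

class SlidingWindowLimiter {
  constructor(windowMs = WINDOW_MS, now = Date.now) {
    this.windowMs = windowMs;
    this.now = now;        // injectable clock so behaviour can be tested
    this.hits = new Map(); // key -> ascending request timestamps (ms); never evicted here
  }

  // Returns the decision plus the header values to send with the response.
  check(key, tier) {
    const limit = TIERS.get(tier) ?? TIERS.get('free'); // unknown tier gets the lowest limit
    const now = this.now();
    const log = (this.hits.get(key) || []).filter((t) => t > now - this.windowMs);
    const allowed = log.length < limit;
    if (allowed) log.push(now); // rejected requests do not extend the window
    this.hits.set(key, log);
    // A slot frees up when the oldest recorded hit ages out of the window.
    const resetMs = log.length ? log[0] + this.windowMs : now;
    const headers = {
      'X-RateLimit-Limit': String(limit),
      'X-RateLimit-Remaining': String(limit - log.length),
      'X-RateLimit-Reset': String(Math.ceil(resetMs / 1000)),
    };
    if (!allowed) {
      headers['Retry-After'] = String(Math.max(1, Math.ceil((resetMs - now) / 1000)));
    }
    return { allowed, status: allowed ? 200 : 429, headers };
  }
}

// Express-style middleware: key on the authenticated user, fall back to client IP.
function tieredRateLimit(limiter) {
  return (req, res, next) => {
    const key = req.user ? `user:${req.user.id}` : `ip:${req.ip}`;
    const { allowed, status, headers } = limiter.check(key, req.user && req.user.tier);
    res.set(headers);
    if (!allowed) {
      return res.status(status).json({ error: 'Too many requests, try again later' });
    }
    next();
  };
}
```

Because every accepted request is stored as a timestamp, memory grows with the limit per key, which is the "memory intensive" cost listed for sliding windows in the table above.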

Repository: github.com/secondsky/claude-skills