Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
92
89%
Does it follow best practices?
Impact
95%
1.15x
Average score across 3 eval scenarios
Passed
No known issues
Express rate limit middleware setup
express-rate-limit package: 100%, 100%
windowMs 15 minutes: 0%, 100%
max 100 requests: 0%, 0%
standardHeaders enabled: 100%, 100%
Error message format: 100%, 100%
Route scoping to /api/: 100%, 100%
429 status on limit exceeded: 100%, 100%
Retry-After header: 0%, 100%
RateLimit response headers: 100%, 100%
Tiered rate limits per subscription plan
Free tier limit: 100%, 100%
Pro tier limit: 100%, 100%
Enterprise tier limit: 100%, 100%
Per-user or per-key limiting: 100%, 100%
429 on limit exceeded: 100%, 100%
Retry-After header: 0%, 100%
RateLimit headers present: 100%, 100%
Tier selection logic: 100%, 100%
All three tiers handled: 100%, 100%
Token bucket and Redis distributed limiting
Token Bucket class: 83%, 100%
Refill logic: 100%, 100%
consume() returns boolean: 62%, 62%
Redis as backing store: 100%, 100%
Per-user rate limiting: 100%, 100%
X-RateLimit-Limit header: 100%, 100%
X-RateLimit-Remaining header: 100%, 100%
X-RateLimit-Reset header: 0%, 100%
429 with Retry-After: 100%, 100%
Distributed scalability note: 100%, 100%
90d6bd7