SBSamanta Bindrainarchitecturedev.hashnode.dev·1d ago · 7 min readDistributed Rate LimitingMost discussions around rate limiting start with algorithms — Fixed Window, Sliding Window, Token Bucket, Leaky Bucket. After building and operating a distributed rate limiting layer, one thing become00
AAwxGlobalinawxglobal.hashnode.dev·May 5 · 4 min readWhat happens when an AI agent hits a rate limit — and how to design around itWhat happens when an AI agent hits a rate limit — and how to design around it Your AI agent is processing customer support tickets at 3 AM. It's been running flawlessly for hours, then suddenly: RateLimitError: You exceeded your current quota. The ag...00
CC9labinc9lab.hashnode.dev·Apr 27 · 4 min readFuzzing Web Applications using FFUF: The Complete Mastery GuideIn the competitive world of bug bounty hunting, efficiency and speed are everything. Fuzz testing has become a core technique for identifying hidden attack surfaces, and when it comes to web applicati00
BSBharat Singhinbharatsingh.hashnode.dev·Apr 18 · 9 min readWhy I Chose Token Bucket for HoldUp (And Why the Others Didn't Make the Cut)Most engineers add rate limiting because someone told them to, or because they got hit with an abuse spike and panicked. They slap on a library, set a number, and call it done. The question of which a00
PUProsper Ugbovoinfreecodecamp.org·Mar 27 · 13 min readHow to Implement Token Bucket Rate Limiting with FastAPIAPIs power everything from mobile apps to enterprise platforms, quietly handling millions of requests per day. Without safeguards, a single misconfigured client or a burst of automated traffic can ove00
CCosmosincosmoscribe.hashnode.dev·Mar 18 · 6 min readThe Journey of a Request: What Happens Before Your Code Even Runs?Okay, before we go into the depths of these concepts, I want to tell you that we will take it easy. I don’t want you to get overwhelmed by the jargon. We spend hours arguing about which programming la00
SKShubham Kumar Singhinblog.realdev.club·Mar 13 · 3 min readUnderstanding the Leaky Bucket Rate Limiter (with JavaScript Implementation)When building APIs or backend systems, one common challenge is handling too many requests at once. If a server receives a sudden spike of traffic, it may slow down or even crash. To prevent this, syst00
TTiamatintiamat-ai.hashnode.dev·Mar 9 · 9 min readYour API Rate-Limit Is Useless Against Distributed AttacksTL;DR API rate-limiting ("you can make 100 requests per minute") was designed to prevent single-source abuse. It fails catastrophically against distributed attacks. Botnets with 50,000 nodes, each making 1 request/minute, bypass your 100-req/min limi...00
SSSuman Sarkarinthinking-in-backend.hashnode.dev·Jan 12 · 4 min readRate Limiting, Abuse, and Trust at ScaleIn the last two articles, we solved some big problems. We know who the user is (Authentication) and we know what they are allowed to do (Authorization). At this point, you might feel like your backend is a fortress. The doors are locked, and the guar...00
ODOrim Dominic Adahinfreecodecamp.org·Jan 9 · 16 min readHow to Build an In-Memory Rate Limiter in Next.jsAn API rate limiter is a server-side component of a web service that limits the number of API requests a client can make to an endpoint within a period of time. For example, X (formerly known as Twitt00
