senior software engineer
Design an API Rate Limiter
Design a rate limiting service that protects backend APIs from abuse while preserving good experience for legitimate users and tenants.
Known Requirements
- Support limits by API key, user, and IP address
- Enforce policies with low-latency allow/deny decisions
- Return clear client feedback with status and retry metadata
- Allow policy changes without service redeploys
- Support both burst control and sustained throughput limits
Constraints
- Traffic arrives through multiple instances and possibly multiple regions
- High-cardinality keys can increase memory and compute pressure
- Provider or platform outages require explicit fail-open or fail-closed behavior
- Windowing logic must be robust to clock skew and boundary effects
- The system should remain cost-efficient at large scale
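An added example, not part of the original exercise: a token bucket is one way to cover several of the requirements above at once, with capacity as the burst limit, refill rate as the sustained limit, a 429 decision carrying retry metadata, and an explicit per-policy outage mode. The names `Policy`, `Decision`, `MemoryStore` and `check`, the 503 status for fail-closed, and the in-memory store standing in for a shared one are all assumptions of this sketch.

```python
import math
from dataclasses import dataclass

@dataclass
class Policy:
    burst: int       # bucket capacity: largest burst allowed
    rate: float      # tokens refilled per second: sustained throughput
    fail_open: bool  # explicit behaviour when the state store is unavailable

@dataclass
class Decision:
    allowed: bool
    status: int       # 200, 429, or 503 when failing closed (assumed choice)
    retry_after: int  # seconds, suitable for a Retry-After header

class StoreDown(Exception):
    """Raised when the shared state store cannot be reached."""

class MemoryStore:
    """Stand-in for a shared store; set down=True to simulate an outage."""
    def __init__(self):
        self.data, self.down = {}, False
    def get(self, key):
        if self.down:
            raise StoreDown(key)
        return self.data.get(key)
    def put(self, key, value):
        if self.down:
            raise StoreDown(key)
        self.data[key] = value

def check(store, policies, dimension, ident, now):
    """Decide one request for key (dimension, ident); `now` is in seconds."""
    policy = policies[dimension]  # looked up per call, so policies can change live
    key = (dimension, ident)
    try:
        # A real shared store needs this read-modify-write to be atomic.
        tokens, last = store.get(key) or (float(policy.burst), now)
        now = max(now, last)  # a clock that stepped backwards earns no refill
        tokens = min(policy.burst, tokens + (now - last) * policy.rate)
        if tokens >= 1.0:
            store.put(key, (tokens - 1.0, now))
            return Decision(True, 200, 0)
        store.put(key, (tokens, now))
        return Decision(False, 429, math.ceil((1.0 - tokens) / policy.rate))
    except StoreDown:
        if policy.fail_open:
            return Decision(True, 200, 0)
        return Decision(False, 503, 1)
```

Only two numbers are stored per key, which keeps memory predictable when key cardinality is high.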
Clarifying Questions
Ask up to five questions. Reveal constraints by being specific.