Why architecture matters here
Rate limits fail when they're too coarse (hurt everyone) or too fine (miss abuse). Architecture matters because algorithm + store + fairness combine.
Advertisement
The architecture: every piece explained
The top strip is core. Request. Token bucket. Sliding window. Distributed store.
The middle row is UX. Client fairness. 429 + Retry-After. Emergency shutoff. Multi-region.
The lower rows are ops. Metrics. Fallback. Ops — governance + audit + drills.
Advertisement
End-to-end flow
End-to-end: request keyed by user_id. Token bucket allows 100/min + burst 20. Redis stores counter. Free tier vs pro tier get different caps. 429 returned with Retry-After. Emergency kill switch shuts down abuse fast.