Design a distributed rate limiter that caps how many requests a client (API key / IP) can make per time window.
How to approach it
Sketch the request path from the client inward: client → edge/CDN → load balancer → stateless services → cache → database, with queues and workers off to the side for async work. Keep services stateless so they scale horizontally. Draw the happy path first; resilience and scale come after.
Components
| Component | Role |
|---|---|
| Client | caller |
| API Gateway | runs the limiter middleware |
| Limiter | token-bucket / sliding-window logic |
| Redis | shared atomic counters (INCR + TTL) |
| Backend Service | handles allowed requests |
Request path
Client → API Gateway → Limiter → Redis → Backend Service