api-rate-limiting | aj-geddes-useful-ai-prompts-4 | ClaudePluginHub

Skill

api-rate-limiting

From aj-geddes-useful-ai-prompts-4

Implements API rate limiting with token bucket, sliding window, fixed window algorithms, Redis support, tiered limits, Flask example. Use for API abuse protection and traffic management.

api-development

Install

$

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/python-rate-limiting-flask.mdreferences/redis-based-rate-limiting.mdreferences/response-headers.mdreferences/sliding-window-algorithm.mdreferences/tiered-rate-limiting.mdreferences/token-bucket-algorithm.mdscripts/validate-api.shtemplates/api-scaffold.yaml

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

redis-rate-limiting

API Rate Limiting

Table of Contents

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Protect APIs from abuse and manage traffic using various rate limiting algorithms with per-user, per-IP, and per-endpoint strategies.

When to Use

Protecting APIs from brute force attacks
Managing traffic spikes
Implementing tiered service plans
Preventing DoS attacks
Fairness in resource allocation
Enforcing quotas and usage limits

Quick Start

Minimal working example:

// Token Bucket Rate Limiter
class TokenBucket {
  constructor(capacity, refillRate) {
    this.capacity = capacity;
    this.tokens = capacity;
    this.refillRate = refillRate; // tokens per second
    this.lastRefillTime = Date.now();
  }

  refill() {
    const now = Date.now();
    const timePassed = (now - this.lastRefillTime) / 1000;
    const tokensToAdd = timePassed * this.refillRate;

    this.tokens = Math.min(this.capacity, this.tokens + tokensToAdd);
    this.lastRefillTime = now;
  }

  consume(tokens = 1) {
    this.refill();

    if (this.tokens >= tokens) {
      this.tokens -= tokens;
      return true;
    }
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Token Bucket Algorithm	Token Bucket Algorithm
Sliding Window Algorithm	Sliding Window Algorithm
Redis-Based Rate Limiting	Redis-Based Rate Limiting
Tiered Rate Limiting	Tiered Rate Limiting
Python Rate Limiting (Flask)	Python Rate Limiting (Flask)
Response Headers	Response Headers

Best Practices

✅ DO

Include rate limit headers in responses
Use Redis for distributed rate limiting
Implement tiered limits for different user plans
Set appropriate window sizes and limits
Monitor rate limit metrics
Provide clear retry guidance
Document rate limits in API docs
Test under high load

❌ DON'T

Use in-memory storage in production
Set limits too restrictively
Forget to include Retry-After header
Ignore distributed scenarios
Make rate limits public (security)
Use simple counters for distributed systems
Forget cleanup of old data