RankFlo

API Rate Limiting Best Practices for Content APIs

Rate limiting protects your API from abuse. Learn sliding window algorithms, per-key limits, and HTTP response patterns.


ruben

Why Rate Limit?

Without rate limiting, a single client can overwhelm your API with requests — degrading performance for all users. Rate limiting protects your infrastructure, ensures fair usage, and prevents abuse.

Sliding Window Algorithm

A sliding window counts the requests an API key has made in the last N seconds measured back from the current request (e.g., 120 requests per minute per key), rather than in fixed, clock-aligned buckets. The distinction matters: a fixed bucket lets a client send 120 requests at 00:00:59 and 120 more at 00:01:00, twice the intended rate, while a sliding window sees all 240 inside one minute and rejects the second burst. The simplest form, a sliding window log, keeps the timestamps of recently accepted requests per key. Implementation:

    // In-memory sliding window log: per API key, the timestamps (ms) of
    // requests accepted within the current window. Per-process only; use a
    // shared store such as Redis when the API runs on more than one instance,
    // and evict idle keys with a TTL so the map does not grow without bound.
    const windows = new Map<string, number[]>();

    function isRateLimited(key: string, limit = 120, windowMs = 60000): boolean {
      const now = Date.now();
      // Keep only timestamps that still fall inside the window ending now
      const recent = (windows.get(key) ?? []).filter(t => now - t < windowMs);
      if (recent.length >= limit) {
        // Over the limit: reject without recording, so a key never stores
        // more than `limit` timestamps no matter how hard it hammers the API
        windows.set(key, recent);
        return true;
      }
      recent.push(now);
      windows.set(key, recent);
      return false;
    }

HTTP Response Patterns

  • 429 Too Many Requests (RFC 6585) — the standard status for a request rejected by the limiter; do not reuse 403 or 503, which tell clients something different
  • Retry-After — standard header giving the seconds (or an HTTP-date) the client should wait before retrying; send it with every 429
  • X-RateLimit-Limit — total requests allowed in the window
  • X-RateLimit-Remaining — requests remaining in the current window

The X-RateLimit-* names are a widely used convention rather than a standard, so document the exact semantics (window length, whether the count is per key or per account) for your clients.

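The algorithm and the response pattern above can be tied together in one piece of code. The following is an added example, not code from the original post: a sliding-window counter, which keeps only two fixed buckets per key and weights the previous bucket by how much of it still overlaps the trailing window, so memory per key is constant regardless of the limit, and which returns the values needed for 429, Retry-After, X-RateLimit-Limit and X-RateLimit-Remaining. The class and function names, the injectable clock, and the framework-neutral {status, headers} return shape are this example's own assumptions.

```typescript
// Added example (not from the original post): sliding-window counter limiter
// plus the header values for the 429 / Retry-After / X-RateLimit-* pattern.

interface Bucket {
  currStart: number; // start of the current fixed bucket (ms, clock aligned)
  currCount: number; // requests accepted in the current bucket
  prevCount: number; // requests accepted in the immediately preceding bucket
}

interface Decision {
  limited: boolean;
  limit: number;
  remaining: number;         // whole requests still allowed right now
  retryAfterSeconds: number; // 0 when the request was accepted
}

class SlidingWindowCounter {
  private buckets = new Map<string, Bucket>();

  // `now` is injectable (assumption for this example) so a fake clock can
  // step through window boundaries deterministically.
  constructor(
    private limit: number,
    private windowMs: number,
    private now: () => number = Date.now,
  ) {}

  check(key: string): Decision {
    const t = this.now();
    const W = this.windowMs;
    const bucketStart = t - (t % W);
    let b = this.buckets.get(key);
    if (!b || b.currStart !== bucketStart) {
      // Rollover: the old bucket counts as "previous" only if it is the one
      // directly before this bucket; anything older has fully aged out.
      const prevCount = b && b.currStart === bucketStart - W ? b.currCount : 0;
      b = { currStart: bucketStart, currCount: 0, prevCount };
      this.buckets.set(key, b);
    }
    // Fraction of the previous bucket still inside the trailing window
    // [t - W, t]; the estimate is prev * fraction + curr.
    const elapsed = t - bucketStart;
    const estimate = b.prevCount * ((W - elapsed) / W) + b.currCount;

    if (estimate >= this.limit) {
      return {
        limited: true,
        limit: this.limit,
        remaining: 0,
        retryAfterSeconds: Math.max(1, Math.ceil(this.msUntilAllowed(b, t) / 1000)),
      };
    }
    b.currCount++;
    return {
      limited: false,
      limit: this.limit,
      remaining: Math.max(0, Math.floor(this.limit - (estimate + 1))),
      retryAfterSeconds: 0,
    };
  }

  // Earliest moment at which the weighted estimate drops to the limit.
  private msUntilAllowed(b: Bucket, t: number): number {
    const W = this.windowMs;
    if (b.currCount < this.limit) {
      // Enough of the previous bucket must age out within this bucket.
      const needElapsed = W - (W * (this.limit - b.currCount)) / b.prevCount;
      return b.currStart + needElapsed - t;
    }
    // The current bucket alone exceeds the limit: it must roll over and then
    // age out until its weighted share falls to the limit.
    const nextStart = b.currStart + W;
    return nextStart + W - (W * this.limit) / b.currCount - t;
  }
}

// Status and headers for the response (constructed shape, not tied to any
// particular web framework). Retry-After is only sent on a 429.
function rateLimitHeaders(d: Decision): { status: number; headers: Record<string, string> } {
  const headers: Record<string, string> = {
    "X-RateLimit-Limit": String(d.limit),
    "X-RateLimit-Remaining": String(d.remaining),
  };
  if (d.limited) headers["Retry-After"] = String(d.retryAfterSeconds);
  return { status: d.limited ? 429 : 200, headers };
}

// Usage with a fake clock: six requests against a limit of 5 per minute.
let clock = 0;
const limiter = new SlidingWindowCounter(5, 60_000, () => clock);
for (let i = 0; i < 6; i++) console.log(rateLimitHeaders(limiter.check("key_abc")));
```

With a limit of 5 per minute, the sixth request in the first minute gets a 429 with Retry-After: 60, and a request at exactly the start of the next minute is still rejected because the previous bucket still carries full weight; that is the boundary burst a fixed window would let through. The counter is an approximation (it assumes requests were spread evenly across the previous bucket), which is why production systems accept it: two integers per key in a shared store instead of a timestamp list. Like the in-memory log above, this Map is per process; put the buckets in a shared store when more than one instance serves the API.
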
Per-Plan Limits

Different API plans should have different rate limits: free tier gets 60 req/min, pro gets 300 req/min, enterprise gets custom limits. Resolve the plan server-side from the authenticated API key (or the account it belongs to), never from anything the client sends, otherwise a free-tier client can claim a higher tier by editing a request.