API Rate Limiting Implementation Patterns

By Admin · Feb 25, 2026 · Updated Apr 23, 2026

Why Rate Limit?

Rate limiting protects your API from abuse, prevents resource exhaustion, and ensures fair usage across clients.

Token Bucket Algorithm

The most common algorithm: each client has a bucket of tokens that refills at a fixed rate, up to the bucket's capacity. Each request consumes one token, and a request that finds the bucket empty is rejected.

Redis Implementation

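# PHP rate limiter (fixed-window counter: at most $limit requests per $window seconds)
function checkRateLimit(string $key, int $limit, int $window): bool {
    $redis = new Redis();
    $redis->connect('127.0.0.1');

    // INCR creates the key with value 1 on the first request of a window.
    $current = $redis->incr($key);
    if ($current === 1) {
        // Start the window. INCR and EXPIRE are separate commands, so a failure
        // between them leaves a counter that never expires.
        $redis->expire($key, $window);
    }

    return $current <= $limit;
}

// Example call: the key, limit, window and "error" field name are illustrative.
if (!checkRateLimit('rate:' . $_SERVER['REMOTE_ADDR'], 100, 60)) {
    http_response_code(429);
    echo json_encode(["error" => "Too many requests"]);
    exit;
}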

Response Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1708905600
Retry-After: 30
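
An added example, not code from the original article: the Redis snippet above counts requests in a fixed window, so this sketch shows the token bucket described under Token Bucket Algorithm and derives the headers listed under Response Headers from its state. The class and method names, the choice of "bucket full again" as the meaning of X-RateLimit-Reset, and the sample timestamps are assumptions; state is held in memory for a single client, and PHP 8 is required.

```php
<?php
declare(strict_types=1);

// Added example; TokenBucket and consume() are hypothetical names.
final class TokenBucket
{
    private float $tokens;
    private float $updatedAt;

    public function __construct(
        private int $capacity,     // bucket size, i.e. the largest burst allowed
        private float $refillRate, // tokens added per second
        float $now
    ) {
        $this->tokens = (float) $capacity; // a new client starts with a full bucket
        $this->updatedAt = $now;
    }

    /** Take one token if available. Returns [bool $allowed, array $headers]. */
    public function consume(float $now): array
    {
        // Refill lazily from elapsed time; never above capacity, never backwards in time.
        $elapsed = max(0.0, $now - $this->updatedAt);
        $this->tokens = min((float) $this->capacity, $this->tokens + $elapsed * $this->refillRate);
        $this->updatedAt += $elapsed;
        $allowed = $this->tokens >= 1.0;
        if ($allowed) {
            $this->tokens -= 1.0;
        }

        $headers = [
            'X-RateLimit-Limit'     => $this->capacity,
            'X-RateLimit-Remaining' => (int) floor($this->tokens),
            // Assumption: Reset is the Unix time at which the bucket is full again.
            'X-RateLimit-Reset'     => (int) ceil($now + ($this->capacity - $this->tokens) / $this->refillRate),
        ];
        if (!$allowed) {
            $headers['Retry-After'] = (int) ceil((1.0 - $this->tokens) / $this->refillRate);
        }
        return [$allowed, $headers];
    }
}

// Constructed scenario: capacity 3, refill 1 token/s, fixed timestamps instead of microtime(true).
$bucket = new TokenBucket(3, 1.0, 1000.0);
foreach ([1000.0, 1000.1, 1000.2, 1000.3, 1001.5] as $t) {
    [$ok, $headers] = $bucket->consume($t);
    printf("t=%.1f -> %d %s\n", $t, $ok ? 200 : 429, json_encode($headers));
}
```

With several PHP workers, the token count and timestamp would have to live in a shared store and be updated atomically, otherwise each worker enforces its own separate limit.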

Nginx Level

# Rate limit zone
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

server {
    location /api/ {
        limit_req zone=api burst=20 nodelay;
        limit_req_status 429;
    }
}
