Prev Next

API / Microservices Design Patterns Interview Questions

What is the Rate Limiting pattern and what algorithms are commonly used?

The Rate Limiting pattern caps the number of requests a client (identified by IP, API key, or user ID) can make within a time window. When the limit is exceeded, the server rejects excess requests with an HTTP 429 (Too Many Requests) and optionally includes a Retry-After header. It protects services from accidental or malicious overload, enforces fair-use quotas, and prevents a single client from exhausting shared resources.

Four commonly used algorithms:

  • Fixed Window Counter — count requests in fixed time windows (e.g., 0–60 s, 60–120 s). Simple and cheap. Weakness: a burst can occur at the boundary — up to 2× the limit in a single window transition.
  • Sliding Window Log — store the exact timestamp of each request. Count requests in the rolling window ending at "now". Precise but memory-intensive (O(N) per client).
  • Sliding Window Counter — approximate the sliding window by blending the current and previous fixed-window counts using elapsed time fraction. Good accuracy at low memory cost.
  • Token Bucket — a bucket fills with tokens at a fixed rate (e.g., 10 tokens/second, bucket size 100). Each request consumes one token. If the bucket is empty, reject. Allows controlled bursting up to the bucket size.
  • Leaky Bucket — requests fill a queue (the "bucket"). The bucket drains at a fixed constant rate. Smooths bursty input to a steady output. Excess requests that overflow the bucket are rejected.
# Redis-based Token Bucket (pseudocode)
tokens = redis.get("rate:" + clientId) or bucketCapacity
if tokens < 1:
    return HTTP 429
redis.decrby("rate:" + clientId, 1)
redis.expire("rate:" + clientId, windowSeconds)
# proceed with request

Rate limits are commonly enforced at the API Gateway using Redis (for distributed state across multiple gateway replicas) with the Token Bucket or Sliding Window Counter algorithm.

Which rate limiting algorithm is most susceptible to allowing a burst of up to 2x the limit at the boundary between two fixed windows?
How does Token Bucket differ from Leaky Bucket in handling request bursts?

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is the Decompose by Business Capability pattern and how do you identify business capabilities? What is the Decompose by Subdomain pattern and how does it relate to DDD Bounded Contexts? What is the Strangler Fig pattern and when should you use it to migrate a monolith? What is the Anti-Corruption Layer (ACL) pattern in microservices? What is the Branch by Abstraction pattern for incremental migration? What is the Parallel Run pattern and how does it reduce migration risk? What is the Bulkhead decomposition pattern and how does it isolate failure domains? What is the Database per Service pattern and what problem does it solve? What is the Shared Database anti-pattern and why should it be avoided in microservices? What is the Saga pattern and how does it manage distributed transactions across microservices? What is the difference between Choreography-based and Orchestration-based Sagas? What is CQRS (Command Query Responsibility Segregation) and when should you use it? What is Event Sourcing and how does it complement CQRS? What is the API Composition pattern for querying data across services? What is the Outbox Pattern and how does it solve the dual-write problem? What is the Saga rollback / compensating transaction pattern? What is the API Gateway pattern and what responsibilities should it have versus a BFF? What is the Backend for Frontend (BFF) pattern and when does it replace a general API Gateway? What is the Service Mesh pattern and how do data-plane proxies such as Envoy implement it? What is the Message Broker pattern and how does it enable asynchronous microservice communication? What is the Request-Reply (Correlation ID) pattern for async messaging? What is the Idempotent Consumer pattern and why is it essential in event-driven systems? What is the Event-Driven Architecture pattern and how does it differ from synchronous request/response? What is Gateway Aggregation versus Gateway Routing versus Gateway Offloading? How does the Circuit Breaker pattern work and what are its three states? What is the Retry pattern with exponential backoff and jitter, and when should you NOT retry? What is the Timeout pattern and how does it prevent cascading failures? What is the Bulkhead pattern for resource isolation (thread pools, connection pools)? What is the Health Check API pattern and what should a /health endpoint return? What is the Rate Limiting pattern and what algorithms are commonly used? What is the Fallback pattern and how does it relate to the Circuit Breaker? What is the Throttling pattern and how does it differ from Rate Limiting? What is the Log Aggregation pattern and how does a centralised logging pipeline work? What is the Application Metrics pattern and what is the difference between push and pull metric collection? What is the Audit Logging pattern and what events should always be captured? What is the Distributed Tracing pattern and how do trace context headers propagate across services? What is the Access Token pattern (JWT/OAuth2) for service-to-client authentication? What is the Mutual TLS (mTLS) pattern for service-to-service authentication? What is the Secrets Management pattern and how do tools like Vault or AWS Secrets Manager implement it? What is the Sidecar pattern and what responsibilities does a sidecar container take on? What is the Ambassador pattern and how does it proxy outbound traffic for a service? What is the Adapter pattern in the context of microservice containers? What is the Canary Deployment pattern and how does it differ from Blue-Green deployment? What is the Service Registry and Discovery pattern — client-side versus server-side discovery? What is the Self Registration versus Third-Party Registration pattern for service discovery?
Show more question and Answers...

BigData

Comments & Discussions

Interviews Questions

About Javapedia.net

Javapedia.net is for Java and J2EE developers, technologist and college students who prepare of interview. Also this site includes many practical examples.

This site is developed using J2EE technologies by Steve Antony, a senior Developer/lead at one of the logistics based company.

contact: javatutorials2016[at]gmail[dot]com

Kindly consider donating for maintaining this website. Thanks.

Copyright © 2026, javapedia.net, all rights reserved. privacy policy.

DMCA.com Protection Status