
Feature Request: Implement API Rate Limiting #111

@leonard1thecoder

Description


Summary

Implement API rate limiting to prevent abuse, protect server resources, and ensure fair usage among clients.

Problem

Currently, our API does not have any request throttling mechanism. This can lead to:

  • Excessive load from a single client
  • Potential denial-of-service (DoS) scenarios
  • Unfair resource usage

Proposed Solution

Introduce a rate limiting mechanism that:

  • Restricts the number of requests per client within a given time window
  • Returns HTTP 429 (Too Many Requests) when the limit is exceeded
  • Resets the limit after the defined time window

Suggested Implementation

  • Use a Token Bucket or Leaky Bucket algorithm
  • Identify clients via:
    • API key
    • JWT claim
    • IP address (fallback)
  • Configurable limits (e.g., 100 requests per minute)
  • Optionally integrate with Redis for distributed environments

Example (Spring Boot)

  • Implement an OncePerRequestFilter to intercept requests
  • Use a RateLimiterService to track and validate request counts
  • Return 429 Too Many Requests when the limit is reached

Benefits

  • Prevents abuse and accidental overload
  • Improves API stability and reliability
  • Enhances fairness for all users
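
One way the filter-plus-service design sketched in this issue could look, as an added example (not the project's own code). It assumes Spring Boot 3.x with spring-boot-starter-web on the classpath (jakarta.servlet.*, OncePerRequestFilter), that upstream authentication (e.g. Spring Security's JWT resource server) has already populated the request principal, and that clients send their key in an `X-API-Key` header; the package name, class names and header name are all assumptions.

```java
// File: RateLimiterService.java
// Added example, not the project's code. Assumes Spring Boot 3.x (spring-boot-starter-web).
package com.example.ratelimit; // hypothetical package

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.stereotype.Service;

/** In-memory token bucket per client key: bursts up to `capacity`, sustained `refillPerSecond`. */
@Service
public class RateLimiterService {
    private static final class Bucket {
        double tokens;
        long lastRefillNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastRefillNanos = now; }
    }

    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
    private final double capacity;
    private final double refillPerSecond;

    /** Default matches the issue's example: 100 requests per minute. */
    public RateLimiterService() { this(100, 100.0 / 60.0); }

    public RateLimiterService(double capacity, double refillPerSecond) {
        this.capacity = capacity;
        this.refillPerSecond = refillPerSecond;
    }

    /** Consumes one token if available; false means the client is over its limit. */
    public boolean tryAcquire(String clientKey) {
        long now = System.nanoTime();
        Bucket b = buckets.computeIfAbsent(clientKey, k -> new Bucket(capacity, now));
        synchronized (b) { // per-bucket lock; different clients never contend
            double elapsedSec = (now - b.lastRefillNanos) / 1e9;
            b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSecond);
            b.lastRefillNanos = now;
            if (b.tokens >= 1.0) { b.tokens -= 1.0; return true; }
            return false;
        }
    }

    /** Whole seconds until one token is available again, for the Retry-After header. */
    public long secondsUntilNextToken(String clientKey) {
        Bucket b = buckets.get(clientKey);
        if (b == null) return 0;
        synchronized (b) {
            return (long) Math.ceil(Math.max(0.0, 1.0 - b.tokens) / refillPerSecond);
        }
    }
}

// File: RateLimitFilter.java
package com.example.ratelimit;

import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/** Runs once per request; rejects with 429 when the client's bucket is empty. */
@Component
public class RateLimitFilter extends OncePerRequestFilter {
    private final RateLimiterService limiter;

    public RateLimitFilter(RateLimiterService limiter) { this.limiter = limiter; }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String key = clientKey(request);
        if (limiter.tryAcquire(key)) {
            chain.doFilter(request, response);
            return;
        }
        response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value()); // 429
        response.setHeader("Retry-After", Long.toString(limiter.secondsUntilNextToken(key)));
        response.setContentType("application/problem+json");
        response.getWriter().write("{\"status\":429,\"title\":\"Too Many Requests\"}");
    }

    /** API key first, then the authenticated principal (e.g. JWT subject), then IP as fallback. */
    private static String clientKey(HttpServletRequest request) {
        String apiKey = request.getHeader("X-API-Key"); // header name is an assumption
        if (apiKey != null && !apiKey.isBlank()) return "key:" + apiKey;
        if (request.getUserPrincipal() != null) return "user:" + request.getUserPrincipal().getName();
        // Behind a reverse proxy this is the proxy's address unless forwarded headers are
        // explicitly trusted (server.forward-headers-strategy); never trust X-Forwarded-For blindly.
        return "ip:" + request.getRemoteAddr();
    }
}
```

A `@Component` filter is registered by Spring Boot at lowest precedence, so it runs after Spring Security's filter chain and the principal is already set when `clientKey` is evaluated. Two points to settle before merging: the `ConcurrentHashMap` grows with every distinct key, so a flood of spoofed source addresses can turn the limiter itself into a memory sink unless entries are evicted or the state is moved to Redis as the issue suggests; and keying buckets on the raw API key keeps client secrets in process memory, so a hash of the key is a better map key in production.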

Metadata

Labels

enhancement (New feature or request)
