Tags

Rate Limiting

Rate Limiting

0 lessons
3 code snippets
3 system designs
2 community items

rate-limiting

Code Snippets

3 snippets
Code Snippet

Throttle Function in JavaScript

Throttling caps how often a function can fire to at most once per interval, which is the right tool for scroll, mousemove, and analytics beacons. This snippet contrasts throttle against debounce, then walks from a leading-edge timestamp gate to a `setTimeout`-driven version that includes a manual `cancel`. Pick the variant that matches whether the very first call should fire immediately.

JavaScript
utility
code-template
performance-optimization
rate-limiting

800

17

Easy
Code Snippet
Premium

Throttle with Leading and Trailing Edges

A leading-only throttle drops the last call's arguments; a trailing-only throttle feels laggy on the first event. The Lodash-style throttle that fires on BOTH edges is the version every UI codebase eventually wants: an immediate response on the leading edge plus a guaranteed final fire after the burst ends. This snippet builds that production-grade throttle from scratch with cancel and flush, then shows the configurable `leading` / `trailing` toggle that powers most real-world helpers.

JavaScript
utility
code-template
performance-optimization
rate-limiting

158

5

Hard
Code Snippet
Premium

Async Queue with Concurrency Limit

When you have hundreds of API calls but the upstream caps you at 5 in flight, naive `Promise.all` is a 429 storm waiting to happen. A concurrency-limited queue runs at most `n` tasks at once, draining a backlog as workers free up. This snippet starts with the minimal worker pool, adds per-task error isolation, then layers in cancellation and ordered results so the helper holds up in production.

JavaScript
async-programming
concurrency
rate-limiting
queue

445

14

Hard

System Design

3 articles
System Design

Reverse Proxy & API Gateway

A reverse proxy sits at the edge of your infrastructure and terminates client connections so backends never see them directly. An API gateway is a reverse proxy with opinions: authentication, rate limiting, request transformation, and per-route policies. This lesson covers what each does, when one is enough and when you need the other, the canonical features (TLS termination, response caching, request shaping, JWT validation, circuit breaking), and the tools that implement them (NGINX, Envoy, Kong, AWS API Gateway, Apigee). By the end you can place either in a real architecture and articulate the boundary between them in an interview.

reverse-proxy
api-gateway
nginx
envoy
kong
tls
rate-limiting
system-design
intermediate
premium

1.1k

21

Medium
System Design

Design a Notification Service

Design a multi-channel notification service that delivers 10B push, email, and SMS notifications per day across three independent provider networks (APNs, FCM, SendGrid, Twilio) with priority queues, per-user rate limits, and idempotent retries. The interview centerpiece is the fan-out from a single application event to multiple channels and providers, each with its own rate limits, failure modes, and delivery semantics. We cover priority queues for transactional vs marketing traffic, retry policies with exponential backoff, deduplication of duplicate triggers, user preference enforcement, and the device token lifecycle that quietly invalidates tens of millions of tokens per day.

design-notification-service
case-study
messaging-communication
push-notifications
email
sms
priority-queue
rate-limiting
idempotency
fan-out
retry-policy
dead-letter-queue
system-design
intermediate
premium

946

29

Medium
System Design
Premium

DDoS Protection, WAF & Security Best Practices

DDoS attacks try to exhaust your bandwidth, your TCP stack, your application capacity, or your downstream dependencies. A WAF (web application firewall) tries to block exploit traffic before it reaches your code. Together with rate limiting, bot management, anti-abuse tooling, and a hardened application layer, they form the defensive perimeter that real production systems live behind. This lesson covers the layered defense: edge / CDN scrubbing for L3/L4 floods, rate limiting and bot detection for L7 abuse, WAF rules for OWASP-class exploits, the OWASP Top 10 with concrete mitigations, secure development practices (input validation, output encoding, secrets management, dependency hygiene), incident response, and the operational realities of running this stack (false positives, vendor selection, escalation, post-mortems). The goal is to leave you able to design and defend the security perimeter for any user-facing system.

ddos
waf
security
rate-limiting
owasp
system-design
advanced
premium

498

12

Hard