Rate Limiter — Simple

Problem statement (interviewer prompt)

Design a rate-limiting layer for a public API used by millions of clients. Support per-key + per-IP + per-route limits with multiple plans (free 100/min, pro 10k/min), enforce limits accurately across a fleet of API servers, and add <1ms latency. Return standard headers.

flowchart LR
  C([Client])
  GW[API Gateway]
  RL[Rate Limiter<br/>token bucket]
  R[(Redis counters)]
  S[Service]
  C --> GW --> RL
  RL -->|allow| S
  RL -->|deny 429| C
  RL <--> R

    classDef client fill:#dbeafe,stroke:#1e40af,stroke-width:1px,color:#0f172a;
    classDef edge fill:#cffafe,stroke:#0e7490,stroke-width:1px,color:#0f172a;
    classDef service fill:#fef3c7,stroke:#92400e,stroke-width:1px,color:#0f172a;
    classDef datastore fill:#fee2e2,stroke:#991b1b,stroke-width:1px,color:#0f172a;
    classDef cache fill:#fed7aa,stroke:#9a3412,stroke-width:1px,color:#0f172a;
    classDef queue fill:#ede9fe,stroke:#5b21b6,stroke-width:1px,color:#0f172a;
    classDef compute fill:#d1fae5,stroke:#065f46,stroke-width:1px,color:#0f172a;
    classDef storage fill:#e5e7eb,stroke:#374151,stroke-width:1px,color:#0f172a;
    classDef external fill:#fce7f3,stroke:#9d174d,stroke-width:1px,color:#0f172a;
    classDef obs fill:#f3e8ff,stroke:#6b21a8,stroke-width:1px,color:#0f172a;
    class C client;
    class GW edge;
    class S service;
    class R cache;
    class RL storage;