How do I use the "Implement Rate Limiting for APIs" prompt?

Copy the prompt template, fill in the variables (PROGRAMMING_LANGUAGE, FRAMEWORK, STORAGE_BACKEND, RATE_LIMIT_STRATEGY, RATE_LIMIT, TIME_WINDOW, API_CONTEXT), and paste it into ChatGPT, Claude, or Gemini.

What AI tools work with this coding prompt?

This prompt works with chatgpt, claude, gemini. Simply copy and paste the template into any of these AI assistants.

Tips for getting the best results?

Choose sliding window over fixed window to prevent traffic spikes at window boundaries Always include rate limit headers in responses to help clients manage their request patterns Implement fallback mechanisms when your storage backend (Redis) is unavailable to avoid blocking all traffic Consider using different rate limits for different user tiers or API endpoints for better resource allocation Add comprehensive logging and monitoring to track rate limiting effectiveness and adjust limits based on usage patterns

coding advanced

Implement Rate Limiting for APIs

Advanced prompt to generate robust rate limiting code for APIs. Includes sliding windows, token buckets, and Redis implementations with error handling.

Works with: chatgptclaudegemini

Prompt Template

You are an expert backend engineer specializing in API security and performance optimization. I need you to implement a comprehensive rate limiting solution with the following requirements: **Technical Specifications:** - Programming Language: [PROGRAMMING_LANGUAGE] - Framework: [FRAMEWORK] - Storage Backend: [STORAGE_BACKEND] (e.g., Redis, in-memory, database) - Rate Limiting Strategy: [RATE_LIMIT_STRATEGY] (e.g., token bucket, sliding window, fixed window) - Rate Limit: [RATE_LIMIT] requests per [TIME_WINDOW] - API Context: [API_CONTEXT] **Implementation Requirements:** 1. Create a robust rate limiting middleware/decorator that can be easily integrated 2. Implement proper error handling with meaningful HTTP status codes and messages 3. Include configurable rate limits per user/IP/API key 4. Add logging and monitoring capabilities 5. Handle edge cases like burst traffic and distributed systems 6. Provide clear documentation with usage examples 7. Include unit tests for the core functionality 8. Consider performance optimization for high-traffic scenarios **Additional Features:** - Graceful degradation when storage backend is unavailable - Support for different rate limits based on user tiers or endpoints - Rate limit headers in responses (X-RateLimit-Remaining, X-RateLimit-Reset) - Whitelist/blacklist functionality - Sliding window implementation to prevent thundering herd problems Provide complete, production-ready code with detailed comments explaining the algorithm, configuration options, and integration steps. Include examples of how to use this in different scenarios and potential optimizations for scale.

Variables to Customize

[PROGRAMMING_LANGUAGE]

The programming language for implementation

Example: Python

[FRAMEWORK]

The web framework being used

Example: FastAPI

[STORAGE_BACKEND]

Storage system for rate limit data

Example: Redis

[RATE_LIMIT_STRATEGY]

The rate limiting algorithm to implement

Example: sliding window

[RATE_LIMIT]

Number of allowed requests

Example: 100

[TIME_WINDOW]

Time period for the rate limit

Example: minute

[API_CONTEXT]

Description of the API being protected

Example: REST API for a social media platform with user authentication

Example Output

Here's a production-ready sliding window rate limiter implementation for FastAPI with Redis: ```python import time import json from typing import Optional from fastapi import HTTPException, Request from redis import Redis import logging class SlidingWindowRateLimiter: def __init__(self, redis_client: Redis, default_limit: int = 100, window_size: int = 60): self.redis = redis_client self.default_limit = default_limit self.window_size = window_size self.logger = logging.getLogger(__name__) async def is_allowed(self, identifier: str, limit: Optional[int] = None) -> tuple[bool, dict]: limit = limit or self.default_limit now = time.time() pipeline = self.redis.pipeline() # Remove expired entries pipeline.zremrangebyscore(identifier, 0, now - self.window_size) # Count current requests pipeline.zcard(identifier) # Add current request pipeline.zadd(identifier, {str(now): now}) # Set expiration pipeline.expire(identifier, self.window_size + 1) results = pipeline.execute() current_requests = results[1] remaining = max(0, limit - current_requests) reset_time = int(now + self.window_size) headers = { 'X-RateLimit-Limit': str(limit), 'X-RateLimit-Remaining': str(remaining), 'X-RateLimit-Reset': str(reset_time) } if current_requests >= limit: # Remove the request we just added since it's rejected self.redis.zrem(identifier, str(now)) return False, headers return True, headers def rate_limit(requests_per_minute: int = 100): def decorator(func): async def wrapper(request: Request, *args, **kwargs): # Extract identifier (IP, user_id, or API key) identifier = get_client_identifier(request) allowed, headers = await rate_limiter.is_allowed( identifier, requests_per_minute ) if not allowed: raise HTTPException( status_code=429, detail="Rate limit exceeded. Please try again later.", headers=headers ) response = await func(request, *args, **kwargs) # Add rate limit headers to successful responses for key, value in headers.items(): response.headers[key] = value return response return wrapper return decorator ``` This implementation provides sliding window rate limiting with Redis persistence, proper HTTP headers, and easy FastAPI integration.

Pro Tips for Best Results

Choose sliding window over fixed window to prevent traffic spikes at window boundaries
Always include rate limit headers in responses to help clients manage their request patterns
Implement fallback mechanisms when your storage backend (Redis) is unavailable to avoid blocking all traffic
Consider using different rate limits for different user tiers or API endpoints for better resource allocation
Add comprehensive logging and monitoring to track rate limiting effectiveness and adjust limits based on usage patterns