A powerful and scalable API Rate Limiter built with .NET 9, supporting multiple rate-limiting algorithms (Fixed Window, Sliding Window, Token Bucket, Concurrency) with IP-based rate limiting. Designed using Clean Architecture and integrated with Redis for distributed environments.
β Multiple Rate-Limiting Algorithms:
- Fixed Window π β Limits requests per fixed time window.
- Sliding Window π β Smooths request spikes with a rolling window.
- Token Bucket πͺ β Allows burstable traffic via token-based management.
- Concurrency π β Restricts simultaneous client connections.
β
IP-Based Rate Limiting π‘ β Ensures fair request distribution across users.
β
Redis Integration π’οΈ β Enables scalable, distributed rate limiting.
β
Clean Architecture ποΈ β Layered design following best practices.
β
Fully Configurable π§ β Manage rate limits in appsettings.json.
| Technology | Purpose |
|---|---|
| .NET 9 | Core framework |
| Redis | Distributed caching & rate limiting |
| StackExchange.Redis | Redis client for .NET |
| MediatR | CQRS pattern implementation |
| Serilog | Logging |
| xUnit | Unit testing framework |
| Moq | Mocking for unit tests |
π This project follows Clean Architecture principles:
π src/
βββ π App # Runnable and installers located web api
βββ π Domain # Business logic & entities
βββ π Application # Use cases, handlers, services
βββ π Infrastructure # Redis integration & rate-limiting logic
βββ π Persistence # EF Core integration & implementations
βββ π Presentation # API controllers & contracts
- Separation of Concerns β Organized and maintainable code.
- Scalability β Easily extendable for new features.
- Testability β Isolated business logic for robust unit tests.
- Restricts requests within a fixed time period.
- Example:
100 requests per minute.
- Maintains a rolling window to smooth traffic bursts.
- Example: Consider last
60 secondsinstead of resetting counters.
- Allows controlled bursts of traffic.
- Example: Users get
100 tokens, refilling at10/sec.
- Limits the number of simultaneous API requests.
- Example:
Max 10 concurrent users.
- Identifies and restricts request flow per IP address.
- Ensures fair resource allocation across users.
β
.NET 9 SDK
β
Redis
β
Visual Studio Code
β
Postman (for API testing)
git clone https://github.com/MrEshboboyev/api-rate-limiter.git
cd src dotnet restore docker run -d -p 6379:6379 redis dotnet run --project src/AppModify appsettings.json to configure rate limits:
{
"RateLimitSettings": {
"FixedWindow": {
"PermitLimit": 100,
"WindowInSeconds": 60
},
"SlidingWindow": {
"PermitLimit": 100,
"WindowInSeconds": 60
},
"TokenBucket": {
"BucketSize": 100,
"RefillRate": 10
},
"Concurrency": {
"MaxConcurrentRequests": 10
}
}
}| Method | Endpoint | Description |
|---|---|---|
| GET | /api/rate-limit/get-random |
Enabled endpoint for rate limiting |
| POST | /api/rate-limit/get-random-two |
Disabled endpoint for rate limiting |
Run tests to validate the functionality:
dotnet testSend multiple requests to trigger rate limiting:
curl -X GET http://localhost:5000/api/rate-limit/testβ If rate limit is exceeded, youβll get 429 Too Many Requests.
Contributions are welcome! π If you find any issues or have suggestions, feel free to open an issue or submit a pull request.
This project is MIT Licensed. See the LICENSE file for details.
Special thanks to:
- The .NET and Redis communities for excellent tools.
- Clean Architecture & Domain-Driven Design inspirations.
π¬ GitHub: MrEshboboyev
π¬ Email: mreshboboyev@gmail.com
β Star this repository if you found it helpful! π