Rate limiting is a crucial aspect of managing the availability and reliability of APIs. Today, there are several approaches to implementing rate limiting mechanisms, each based on specific algorithms or their combinations. However, existing methods often treat all consumers as a homogeneous group, hindering the creation of flexible resource management strategies in modern distributed architectures. In this article, the author proposes two new methods for rate limiting based on the token bucket algorithm. The first method involves using a shared token bucket with different minimum fill requirements depending on the consumer class. The second method suggests using separate token buckets for each consumer class with individual parameter values but a common limit. Simulation results confirmed that both methods enable efficient API request limitation, though disparities emerged regarding resource distribution patterns across diverse consumer classes. These findings have practical implications for developers of information systems and services who need to maintain high availability while ensuring access guarantees for various consumer categories.
1. Firmani D., Leotta F., Mecella M. On Computing Throttling Rate Limits in Web APIs through Statistical Inference. In: 2019 IEEE International Conference on Web Services (ICWS), 08–13 July 2019, Milan, Italy. IEEE; 2019. pp. 418–425. https://doi.org/10.1109/ICWS.2019.00075
2. Alharbi S.J., Moulahi T. API Security Testing: The Challenges of Security Testing for Restful APIs. International Journal of Innovative Science and Research Technology. 2023;8(5):1485–1499. https://doi.org/10.5281/zenodo.7988410
3. Serbout S., Malki A.E., Pautasso C., Zdun U. API Rate Limit Adoption – A pattern collection. In: EuroPLoP '23: Proceedings of the 28th European Conference on Pattern Languages of Programs, 05–09 July 2023, Irsee, Germany. New York: Association for Computing Machinery; 2024. https://doi.org/10.1145/3628034.3628039
4. Wanda P., Hiswati M.E. Belief-DDoS: stepping up DDoS attack detection model using DBN algorithm. International Journal of Information Technology. 2024;16(1):271–278. https://doi.org/10.1007/s41870-023-01631-x
5. Padma Latha V.L., Sudhakar Reddy N., Suresh Babu A. On optimizing scalability and availability of cloud based software services using scale rate limiting algorithm. International Journal of Nonlinear Analysis and Applications. 2022;13(2):1893–1905. https://doi.org/10.22075/ijnaa.2022.27403.3588
6. Park J., Park J., Jung Y., Lim H., Yeo H., Han D. TopFull: An Adaptive Top-Down Overload Control for SLO-Oriented Microservices. In: ACM SIGCOMM '24: Proceedings of the ACM SIGCOMM 2024 Conference, 04–08 August, 2024, Sydney, Australia. New York: Association for Computing Machinery; 2024. pp. 876–890. https://doi.org/10.1145/3651890.3672253
7. Zhou H., Chen M., Lin Q., Wang Y., She X., Liu S., Gu R., Ooi B.C., Yang J. Overload Control for Scaling WeChat Microservices. In: SoCC '18: Proceedings of the ACM Symposium on Cloud Computing, 11–13 October 2018, Carlsbad, USA. New York: Association for Computing Machinery; 2018. pp. 149–161. https://doi.org/10.1145/3267809.3267823
8. El Malki A., Zdun U., Pautasso C. Impact of API Rate Limit on Reliability of Microservices-Based Architectures. In: 2022 IEEE International Conference on Service-Oriented System Engineering (SOSE), 15–18 August 2022, Newark, USA. IEEE; 2022. pp. 19–28. https://doi.org/10.1109/SOSE55356.2022.00009
9. Xu A. System Design Interview – An Insider's Guide. Saint Petersburg: Piter; 2024. 304 p. (In Russ.).
10. Bass L., Clements P., Kazman R. Software Architecture in Practice. 4th Edition. Boston: Addison-Wesley Professional; 2021. 464 p.
11. Barnhart B., Brooker M., Chinenkov D., Hooper T., Im J., Jha P.C., Kraska T., Kurakula A., Kuznetsov A., McAlister G., Muthukrishnan A., Narayanan A., Terry D., Urgaonkar B., Yan J. Resource Management in Aurora Serverless. Proceedings of the VLDB Endowment. 2024;17(12):4038–4050. https://doi.org/10.14778/3685800.3685825
12. Kaldor J., Mace J., Bejda M., Gao E., Kuropatwa W., O’Neill J., Ong K.W., Schaller B., Shan P., Viscomi B., Venkataraman V., Veeraraghavan K., Song Y.J. Canopy: An End-to-End Performance Tracing and Analysis System. In: SOSP '17: Proceedings of the 26th Symposium on Operating Systems Principles, 28 October 2017, Shanghai, China. New York: Association for Computing Machinery; 2017. pp. 34–50. https://doi.org/10.1145/3132747.3132749
13. Lin Y.-W., Lin T.-X., Farn C.-K. The Free-of-Charge Phenomena in the Network Economy – A Multi-Party Value Exchange Model. Journal of Theoretical and Applied Electronic Commerce Research. 2021;16(7):2981–3002. https://doi.org/10.3390/jtaer16070163
