A powerful and scalable API Rate Limiter built with .NET 9, supporting multiple rate-limiting algorithms (Fixed Window, Sliding Window, Token Bucket, Concurrency) with IP-based rate limiting. Designed using Clean Architecture and integrated with Redis for distributed environments.
✅ Multiple Rate-Limiting Algorithms:
- Fixed Window 🕒 – Limits requests per fixed time window.
- Sliding Window 🔄 – Smooths request spikes with a rolling window.
- Token Bucket 🪙 – Allows burstable traffic via token-based management.
- Concurrency 🔗 – Restricts simultaneous client connections.
✅ IP-Based Rate Limiting 📡 – Ensures fair request distribution across users.
✅ Redis Integration 🛢️ – Enables scalable, distributed rate limiting.
✅ Clean Architecture 🏗️ – Layered design following best practices.
✅ Fully Configurable 🔧 – Manage rate limits in appsettings.json.
| Technology | Purpose |
|---|---|
| .NET 9 | Core framework |
| Redis | Distributed caching & rate limiting |
| StackExchange.Redis | Redis client for .NET |
| MediatR | CQRS pattern implementation |
| Serilog | Logging |
| xUnit | Unit testing framework |
| Moq | Mocking for unit tests |
📌 This project follows Clean Architecture principles:
📂 src/
├── 📁 App # Runnable and installers located web api
├── 📁 Domain # Business logic & entities
├── 📁 Application # Use cases, handlers, services
├── 📁 Infrastructure # Redis integration & rate-limiting logic
├── 📁 Persistence # EF Core integration & implementations
├── 📁 Presentation # API controllers & contracts
- Separation of Concerns – Organized and maintainable code.
- Scalability – Easily extendable for new features.
- Testability – Isolated business logic for robust unit tests.
- Restricts requests within a fixed time period.
- Example:
100 requests per minute.
- Maintains a rolling window to smooth traffic bursts.
- Example: Consider last
60 secondsinstead of resetting counters.
- Allows controlled bursts of traffic.
- Example: Users get
100 tokens, refilling at10/sec.
- Limits the number of simultaneous API requests.
- Example:
Max 10 concurrent users.
- Identifies and restricts request flow per IP address.
- Ensures fair resource allocation across users.
✅ .NET 9 SDK
✅ Redis
✅ Visual Studio Code
✅ Postman (for API testing)
git clone https://github.com/MrEshboboyev/api-rate-limiter.git
cd src dotnet restore docker run -d -p 6379:6379 redis dotnet run --project src/AppModify appsettings.json to configure rate limits:
{
"RateLimitSettings": {
"FixedWindow": {
"PermitLimit": 100,
"WindowInSeconds": 60
},
"SlidingWindow": {
"PermitLimit": 100,
"WindowInSeconds": 60
},
"TokenBucket": {
"BucketSize": 100,
"RefillRate": 10
},
"Concurrency": {
"MaxConcurrentRequests": 10
}
}
}| Method | Endpoint | Description |
|---|---|---|
| GET | /api/rate-limit/get-random |
Enabled endpoint for rate limiting |
| POST | /api/rate-limit/get-random-two |
Disabled endpoint for rate limiting |
Run tests to validate the functionality:
dotnet testSend multiple requests to trigger rate limiting:
curl -X GET http://localhost:5000/api/rate-limit/test✅ If rate limit is exceeded, you’ll get 429 Too Many Requests.
Contributions are welcome! 🎉 If you find any issues or have suggestions, feel free to open an issue or submit a pull request.
This project is MIT Licensed. See the LICENSE file for details.
Special thanks to:
- The .NET and Redis communities for excellent tools.
- Clean Architecture & Domain-Driven Design inspirations.
📬 GitHub: MrEshboboyev
📬 Email: [email protected]
⭐ Star this repository if you found it helpful! 🚀