Arcjet

A comprehensive comparison of rate limiting algorithms covering fixed window, sliding window log, sliding window counter, token bucket, and leaky bucket. Each algorithm encodes different tradeoffs around fairness, burst tolerance, and memory cost. Fixed window is computationally cheap but vulnerable to boundary amplification exploits. Sliding window log offers strict fairness but high memory overhead. Sliding window counter balances accuracy and efficiency for large-scale APIs. Token bucket is recommended as the default for most developer-facing APIs due to its support for controlled bursts while enforcing long-term average rates. The guide also covers distributed rate limiting challenges including consistency tradeoffs and microservices placement considerations.

Rate Limiting Algorithms: Token Bucket vs Sliding Window vs Fixed Window

Distributed Rate Limiting and Global Coordination

Rate Limiting in Microservices Architectures

What Is the Best Rate Limiting Algorithm for APIs?