</>shravan.dev
← Back to all articles

Designing a Rate Limiter with Redis

Token bucket vs sliding window — implementing rate limits that actually work in production.

Jun 1, 2026 · 1 min read · Backend

Designing a Rate Limiter with Redis

Every public API needs rate limiting. Redis makes it cheap to implement at scale.

Fixed window

Simple counters per time bucket. Easy, but burst traffic at window edges can slip through.

Sliding window log

Store timestamps per request, trim old entries. Accurate, but memory-heavy at high QPS.

Token bucket (my default)

-- atomic decrement + refill in one round trip
local tokens = redis.call('GET', KEYS[1])

Refill tokens at a steady rate. Smooths bursts without punishing legitimate spikes.

Takeaway

Start with token bucket. Add per-route limits later. Log rejections — they're product signals.