A beginner-friendly, step-by-step project for building a production-inspired rate limiter API in Rust.
This repository is not just a finished project—it’s a guided roadmap to help you understand how real-world backend systems are built.
Disclaimer: This README file is AI-generated since I'm too lazy to write it on my own.
Build a rate limiter from scratch and evolve it into a real-world API component.
By the end, you will understand:
- Core rate limiting algorithms
- Rust concurrency (
Arc,Mutex) - Building APIs using a web framework
- How production systems enforce limits
- Systems thinking (how backend services control traffic)
- State management in Rust
- Thread safety and shared state
- API design basics
- Incremental development (build → test → improve)
Phase 1: DONE
Goal: Understand how rate limiting works internally.
- Implement a
TokenBucketstruct - Add:
-
new(capacity, refill_rate) -
allow_request() -> bool
-
- Simulate requests in
main.rs - Print:
-
"Allowed" -
"Rate Limited"
-
- Time tracking (
Instant) - Floating-point calculations
- Mutable state
Request 1 → Allowed
Request 2 → Allowed
Request 11 → Rate Limited
Goal: Turn your logic into a usable web service.
- Axum (lightweight and beginner-friendly)
- Create a basic HTTP server
- Add endpoint:
-
GET /request
-
- Return:
-
200 OK→ allowed -
429 Too Many Requests→ blocked
-
- Store limiter in shared state using:
-
Arc -
Mutex
-
- Shared state in Rust
- Basic routing
- HTTP status codes
Goal: Make the limiter more realistic.
- Replace single limiter with:
-
HashMap<String, TokenBucket>
-
- Identify users via:
- IP address OR
- API key
- Create buckets dynamically
- Hash maps
- Dynamic state management
- Multi-user systems
Goal: Make limits configurable like real systems.
- Define rate limit rules (hardcoded first)
- Optionally load from JSON
- Support different tiers:
- Free → low limit
- Premium → higher limit
{
"free": { "capacity": 10, "refill_rate": 5 },
"premium": { "capacity": 100, "refill_rate": 50 }
}Goal: Apply rate limiting automatically to routes.
- Refactor limiter into middleware
- Apply to all or selected routes
- Remove limiter logic from handlers
- Middleware pattern
- Separation of concerns
- Use Redis for shared state
- Allow multiple server instances
- Implement:
- Leaky Bucket
- Fixed Window
- Sliding Window
- Add logging
- Track:
- Allowed requests
- Blocked requests
- Measure requests per second
- Compare algorithms
curl http://localhost:3000/request200 OK
Request allowed
429 Too Many Requests
Rate limit exceeded
- Rust
- Axum (web framework)
- Tokio (async runtime)
- Serde (for JSON, optional)
src/
├── main.rs
├── limiter/
│ ├── token_bucket.rs
│ └── mod.rs
├── api/
│ ├── routes.rs
│ └── middleware.rs
Rate limiting is used in:
- API gateways
- Authentication systems
- Payment services
- Cloud platforms
This project demonstrates real backend engineering skills, not just CRUD.
- Build → test locally
- Break things → fix them
- Refactor → improve structure
- Repeat
- Add authentication
- Integrate with a database
- Deploy using Docker
- Add a frontend dashboard
This project is a personal learning roadmap, but feel free to:
- Suggest improvements
- Add new algorithms
- Optimize performance
MIT License
Don’t rush to “advanced” features.
Focus on:
Understanding why things work, not just making them work.
That’s what turns this from a project into real skill.