Rate Limiter for API Gateway

Sliding windowThread safetyConcurrency

You're building an API gateway that handles 1M+ requests per minute across thousands of clients. You need to implement a sliding window rate limiter that:

1. Tracks requests per client using their client ID

2. Enforces a configurable rate limit (e.g., 100 requests per minute)

3. Uses a sliding window algorithm (not fixed window — a burst at window boundaries shouldn't allow 2x the limit)

4. Is thread-safe for concurrent access from multiple goroutines/threads

5. Returns true from allow() if the request should be permitted, false if rate limited

Your rate limiter will be used as the first middleware in the gateway chain, rejecting abusive clients before they consume backend resources.

Constraints

●Must use sliding window algorithm (not fixed window)

●Thread-safe for concurrent access

●O(1) time complexity for allow()

●Memory efficient — handle 10K+ clients

●Expired timestamps must be cleaned up

Hints

Test Cases (4)

1. Basic rate limit — 100 req/min

100 requests within the window should all pass

2. Sliding window accuracy

Requests at window boundary should not allow 2x the limit

3. Concurrent safety

Multiple goroutines calling allow() simultaneously should not corrupt state

4. Window expiration cleanup

Old timestamps should be removed to prevent memory leaks

Solution

Loading editor...

Test Results

Click "Run Tests" to execute your solution