api-rate-limiting
This skill implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect public APIs from abuse, enable tiered access, and prevent denial-of-service attacks.
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Install command
npx @skill-hub/cli install secondsky-claude-skills-api-rate-limiting
Repository
Skill path: plugins/api-rate-limiting/skills/api-rate-limiting
This skill implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect public APIs from abuse, enable tiered access, and prevent denial-of-service attacks.
Open repositoryBest for
Primary workflow: Ship Full Stack.
Technical facets: Full Stack, Backend.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: secondsky.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install api-rate-limiting into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/secondsky/claude-skills before adding api-rate-limiting to shared team environments
- Use api-rate-limiting for development workflows
Works across
Favorites: 0.
Sub-skills: 0.
Aggregator: No.
Original source / Raw SKILL.md
---
name: api-rate-limiting
description: Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
---
# API Rate Limiting
Protect APIs from abuse using rate limiting algorithms with per-user and per-endpoint strategies.
## Algorithms
| Algorithm | Pros | Cons |
|-----------|------|------|
| Token Bucket | Handles bursts, smooth | Memory per user |
| Sliding Window | Accurate | Memory intensive |
| Fixed Window | Simple | Boundary spikes |
## Token Bucket (Node.js)
```javascript
class TokenBucket {
constructor(capacity, refillRate) {
this.capacity = capacity;
this.tokens = capacity;
this.refillRate = refillRate; // tokens per second
this.lastRefill = Date.now();
}
consume() {
this.refill();
if (this.tokens >= 1) {
this.tokens--;
return true;
}
return false;
}
refill() {
const now = Date.now();
const elapsed = (now - this.lastRefill) / 1000;
this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.refillRate);
this.lastRefill = now;
}
}
```
## Express Middleware
```javascript
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100,
standardHeaders: true,
message: { error: 'Too many requests, try again later' }
});
app.use('/api/', limiter);
```
## Response Headers
```
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1705320000
Retry-After: 60
```
## Tiered Limits
| Tier | Requests/Hour |
|------|---------------|
| Free | 100 |
| Pro | 1,000 |
| Enterprise | 10,000 |
## Best Practices
- Use Redis for distributed rate limiting
- Include proper headers in responses
- Return 429 status with Retry-After
- Implement tiered limits for different plans
- Monitor rate limit metrics
- Test under load