A scalable backend service built using Spring Boot + Redis to control API traffic using a Fixed Window Rate Limiting algorithm.

Rate limiting helps protect APIs from:

• 🚫 Abuse & spamming
• 🚫 Server overload
• 🚫 Brute force attacks

It ensures fair usage by limiting how many requests a client can make within a time window.

• ✅ Redis-based distributed rate limiting
• ✅ Fixed window algorithm using TTL
• ✅ Atomic request counting using Redis
• ✅ Thread-safe & concurrent request handling
• ✅ Health check endpoint for monitoring
• ✅ Clean layered architecture (Controller, Service, DTO, Model)

• Java 17
• Spring Boot
• Redis
• Docker
• Maven

Client → Controller → Service → Redis → Response

• Controller handles API requests
• Service applies rate limiting logic
• Redis stores request counts with expiry

1. Each request is mapped to a key:

   rate_limit:{clientId}
   

2. Redis increments count:

   INCR key
   

3. First request sets TTL (60 seconds)

4. If count > limit → ❌ Block Else → ✅ Allow

POST /api/rate-limit

{
  "clientId": "user123"
}

{
  "allowed": true,
  "remainingRequests": 4
}

GET /api/health

Rate Limiter is running 🚀

git clone https://github.com/YOUR_USERNAME/rate-limiter-service.git
cd rate-limiter-service

docker run -d -p 6379:6379 --name redis-server redis

In application.properties:

spring.redis.host=localhost
spring.redis.port=6379

mvn spring-boot:run

Use Postman or curl:

curl -X POST http://localhost:8080/api/rate-limit \
-H "Content-Type: application/json" \
-d '{"clientId":"user123"}'

After 60 seconds → counter resets automatically.

• Redis INCR (atomic operation)
• TTL-based window expiration
• Distributed system design basics
• Spring Boot dependency injection

ratelimiter/
 ├── controller/
 ├── service/
 ├── dto/
 ├── model/
 ├── config/

• 🔑 API key-based rate limiting
• 🔐 JWT authentication
• 📊 Monitoring & metrics
• ☁️ Cloud deployment (AWS / Render)

Aaditya Tyagi

⭐ If you like this project, give it a star!