OSS Ratelimit

Concepts & Algorithms

Understand the core concepts behind rate limiting (like token bucket, sliding window) and learn about the specific algorithms implemented within oss-ratelimit.

Core Concepts

Identifier

The identifier is a unique string used to track requests for a specific user, IP address, API key, or any other entity you want to rate limit. This is the primary argument passed to the .limit() method.

Redis

Redis is used as the fast, distributed backend store for tracking request counts or tokens. oss-ratelimit uses efficient Lua scripts to perform atomic operations directly on the Redis server, minimizing latency and race conditions.

Algorithms

oss-ratelimit provides several common rate limiting algorithms:

  • Fixed Window: Counts requests within discrete time windows (e.g., 10 requests per minute). Simple, but can allow bursts at window edges.
  • Sliding Window: Counts requests within a rolling time window. Smoother than Fixed Window, generally preferred for API rate limiting. More resource-intensive.
  • Token Bucket: Allows bursts based on accumulated tokens that refill over time. Good for throttling based on average rate while allowing occasional peaks.

Choose the algorithm that best suits your specific use case.

Algorithms In Depth

Fixed Window

Counts requests within fixed, non-overlapping time intervals.

Configuration:

Fixed Window Example
import { fixedWindow } from 'oss-ratelimit';
 
const fwLimiter = fixedWindow(
  100,    // Max 100 requests
  '1 h'   // Per hour window (windows reset on the hour)
);

Use Case: Simple limits like "max 5 login attempts per 15 minutes".

Pros: Simple to understand and implement, lower Redis resource usage.

Cons: Allows a burst of up to double the rate limit at the boundary between two windows.
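The boundary burst noted under Cons, modelled in memory as an added example (this is not oss-ratelimit's code or its Redis Lua scripts). The helper names, the `login:alice` identifier and the timestamps are constructed for illustration, and the sliding-window log used for comparison is one common variant, assumed here rather than taken from the library.

```javascript
// In-memory models for illustration only; oss-ratelimit keeps its state in Redis.
// makeFixedWindow, makeSlidingLog and replay are hypothetical helper names.

// Fixed window: one counter per (identifier, window index).
function makeFixedWindow(limit, windowMs) {
  const counts = new Map();
  return (id, now) => {
    const key = `${id}:${Math.floor(now / windowMs)}`;
    const n = (counts.get(key) || 0) + 1;
    counts.set(key, n);
    return n <= limit;
  };
}

// Sliding window log: remember allowed requests from the last windowMs only.
function makeSlidingLog(limit, windowMs) {
  const logs = new Map();
  return (id, now) => {
    const recent = (logs.get(id) || []).filter((t) => t > now - windowMs);
    const ok = recent.length < limit;
    if (ok) recent.push(now);
    logs.set(id, recent);
    return ok;
  };
}

// Replay timestamps (ms) for one identifier and count the allowed requests.
function replay(limiter, id, timestamps) {
  return timestamps.filter((t) => limiter(id, t)).length;
}

const WINDOW = 15 * 60 * 1000; // 15 minutes, as in the login use case
const LIMIT = 5;

// Constructed traffic: 5 attempts in the last second of one window,
// then 5 more in the first second of the next window.
const burst = [];
for (let i = 0; i < 5; i++) burst.push(WINDOW - 1000 + i * 200);
for (let i = 0; i < 5; i++) burst.push(WINDOW + i * 200);

const fixedAllowed = replay(makeFixedWindow(LIMIT, WINDOW), 'login:alice', burst);
const slidingAllowed = replay(makeSlidingLog(LIMIT, WINDOW), 'login:alice', burst);
console.log({ fixedAllowed, slidingAllowed }); // { fixedAllowed: 10, slidingAllowed: 5 }
```

For limits that protect authentication endpoints, the fixed window's effective worst case over any 15-minute span is therefore twice the configured value, which is the number to use when sizing lockout or alerting thresholds.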
