Last updated 2026-05-18

Rate Limiter

A generic quota and rate limiting service. Callers pass concrete limits on each gRPC request; the service evaluates those limits against Redis-backed counters and returns an allow or deny decision.

Core boundary

Business rules outside.
Quota math inside.

Products decide which limits apply. Rate Limiter knows algorithms, windows, Redis counters, reservations, concurrency leases, idempotency, and usage events.

What it supports

• Known-cost consumption with atomic counter mutations
• Estimated-cost reservations with finalization and release
• Concurrency leases backed by Redis sorted sets
• Fixed calendar, fixed duration, sliding, token bucket, leaky bucket, and GCRA algorithms
• Idempotent mutating RPCs through caller-supplied request IDs
• gRPC health, reflection, Redis status, and Prometheus metrics
• Append-only usage events to none, stdout, or Postgres

What it does not own

• Product plans, pricing, contracts, or entitlements
• User profiles, tenant profiles, or customer records
• Application-layer auth, JWT validation, API keys, or RBAC
• Admin rule CRUD APIs or a persistent business rule store in v1
• Historical analytics APIs or billing reports

Run locally

docker compose up -d --build
grpcurl -plaintext localhost:28080 quota.v1.QuotaService/GetRedisStatus '{}'
curl -s http://localhost:29090/metrics | head

Where to next

• Quick Start
• Architecture
• gRPC Reference
• Redis Model