Build Status

Fred the Guardian


Writing a little ping pong service that implements rate limiting with the programming language golang.


Web application

  • Runs in a docker container
  • implements the following throttling policy:
    • maximum of 10 “ping” requests are allowed per x-secret-key and per minute
    • maximum of 2 requests per second are allowed, regardless of the x-secret-key

CLI tool

  • Sends 1 “ping” request per second
  • Stops sending “ping” requests when limit of allowed requests is reached
  • Starts sending “ping” requests again when throttling is expired


Endpoint /ping


Payload example:

{ "request": "ping" }

Required headers:

x-secret-key: str

“x-secret-key”: a random string


response payload (when not throttled):

{ "response": "pong" }

Expected response payload(when throttled):

{ "message": "request throttled request", "throttle_age": int }

Response attributes:

“message” – friendly message explaining what is happening

“throttle_age” – the elapsed time(in seconds) since the throttling has been applied


There a couple of web servers and ingress controllers out there they implement different rate limiting algorithm already.

  • apache
  • nginx (experience with)
  • kong
  • istio

In my opinion its better to use one of those above if rate limiting itself is not the core of the companies business.


This would be the road map for a self developed rate limiting service.

To do

Version 1

  • implement the ping web server API without rate limiting
  • implement the pong client interface
  • setup local minibike for first deployment

Version 2

  • implement the first simple rate limiting based on in memory counters

Version 3

  • implement the rate limiting with counters stored in redis

Version 4

Version 5

Version 6

Version 7


View Github