API Design Interview Question

What is rate limiting in an API?

Updated 2026-07-10 · Beginner friendly
Quick answer

Rate limiting controls how many requests a client can make in a given time window, such as 100 requests per minute. It protects the API from being overwhelmed, whether by accident or abuse, and keeps the service fair for everyone. When a client goes over the limit, the API responds with status code 429 Too Many Requests.

Why APIs need it

A common technique is a token bucket, where each client has a bucket of tokens that refills over time and each request uses one token. When the bucket is empty, requests are rejected until it refills.

In the interview

Mention the 429 status code and the Retry After header. Saying the API returns 429 with a hint on when to try again shows you know how clients are expected to handle limits.

Want the full API Design guide?

Read every API Design concept with notes, diagrams, and code in one place. Track your progress as you go.

Open the API Design guide All API Design questions