Rate limiting is a pattern for a special counter that is used to limit the rate at which an operation can be performed. The classic materialization of this pattern involves limiting the number of requests that can be performed against a public API.

The API provider has a silver bullet for these issues—rate limiting. Rate limiting is the process by which an API rejects requests for a variety of reasons, ranging from having too many concurrent connections, to the requester forming a poor request for high amounts of data. By implementing rate limiting, the developer essentially installs a spigot that can be relaxed to allow for greater flow or tightened to reduce the flow within the system. Another one of the reasons to implement rate limiting is to defend applications against Denial of Service (DoS) attacks.

In a safety context, the developer needs to consider the limitations of a system, so as to prevent overflowing. Just like, packed road results in congestion and accidents so do an over-limited logical connection.

From a business context, API providers can implement rate limiting as a profit-and-cost-negation technique. By requiring high-volume users to pay for premium plans, the increased operating expense can be negated and turned instead into a revenue stream.