Blog

Distributed rate limiting with Redis: consistent counters behind a CORS-aware gateway

Token bucket or sliding window algorithms in Redis keep limits fair across horizontally scaled API nodes.

Published: 2025-11-20Updated: 2025-11-221 min read

redisrate-limitscaling

Client-visible headers

Echo remaining quota in response headers for browser apps to show progress UI.

Keep header names stable across versions to avoid breaking frontend parsers.

Define behavior when Redis is unavailable—fail open versus closed is a product decision with security impact.

Replicate Redis for HA but watch replication lag affecting limit accuracy briefly.