Heldinhow/rate-limiting
rate-limiting/SKILL.md
Implement API rate limiting to control request frequency and prevent abuse.
$ install --global
skillsauthnpx skillsauth add Heldinhow/awesome-opencode-dev-skills rate-limitingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 7:39 AM117.6s2 files scanned
SKILL.md
- name:
- rate-limiting
- description:
- Implement API rate limiting to control request frequency and prevent abuse.
API Rate Limiting
Overview
Rate limiting controls the number of requests a client can make within a time window, protecting APIs from abuse, ensuring fair usage, and preventing backend overload. This skill should be invoked when protecting APIs from abuse, ensuring fair usage among clients, or preventing backend services from being overwhelmed.
Core Principles
- Algorithm Selection: Choose appropriate algorithm (token bucket, sliding window, fixed window)
- Granularity: Rate limit by user, IP, API key, or endpoint
- Graceful Degradation: Return proper HTTP status codes (429) with retry information
- Transparency: Include rate limit headers in responses
Preparation Checklist
- [ ] Identify rate limit dimensions (per user, per IP, per endpoint)
- [ ] Choose storage backend (Redis for distributed, in-memory for single instance)
- [ ] Define rate limit parameters (requests per minute/hour)
- [ ] Plan response format for throttled requests
Step-by-Step Process
- Select Algorithm: Choose token bucket, sliding window, or fixed window
- Configure Limits: Define requests per time window
- Implement Middleware: Create rate checking middleware
- Add Headers: Include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
- Handle Throttling: Return 429 with Retry-After header
- Test: Verify limits work correctly under load
Do's and Don'ts
- ✅ Do use Redis for distributed rate limiting across multiple instances
- ✅ Do include clear rate limit headers for client transparency
- ✅ Do implement differentiated limits (stricter for writes, looser for reads)
- ❌ Don't block legitimate users with overly aggressive limits
- ❌ Don't forget to handle edge cases (missing API keys)
- ❌ Don't rely solely on client-side rate limiting
Anti-Patterns
- Hard Limits Only: No graduated limits or grace periods
- Silent Failures: Returning 200 OK with hidden restrictions
- No Logging: Not tracking who is hitting rate limits
- Single Point: Using in-memory storage in distributed systems
Related Skills
Heldinhow/websocket-real-time
tools
VerifiedTrustedCommunity
Implement WebSocket communication for real-time bidirectional client-server communication.
2SKILL.mdUpdated Apr 24, 2026
Heldinhow/webhook-handler
development
VerifiedTrustedCommunity
Implement webhook handlers for processing incoming events from external services.
2SKILL.mdUpdated Apr 24, 2026
Heldinhow/webapp-testing
development
VerifiedTrustedCommunity
Test web applications using Playwright for end-to-end browser testing.
2SKILL.mdUpdated Apr 24, 2026
Heldinhow/web-artifacts-builder
development
VerifiedTrustedCommunity
Build production-quality HTML artifacts using React, Tailwind CSS, and shadcn/ui.
2SKILL.mdUpdated Apr 24, 2026