Security · Intermediate · Live online
Rate Limiting and Fair Usage
Token buckets, leaky counters, and communicating limits to API clients.
Rate limits are UX. We practice wording for headers and bodies that reduces angry support tickets.
Duration: 3 weeks
Tuition (informational): 5,100,000 VND
Final quotes come from admissions. See Money-Back Policy for eligibility.
What ships in the syllabus
- Algorithm comparison spreadsheet
- 429 payload design studio
- Retry-After honesty exercise
- Per-tenant fairness scenarios
- Redis sliding window lab
- Load test to validate limiter configs
- Mentor review of limiter PR
Outcomes we actually assess
- Tune a limiter with documented burst tolerance
- Author a client-facing limits page draft
- Graph limiter behavior under two traffic shapes
Minh Vo
API reviewer for payment integrations; publishes internal RFC templates.
FAQ — including what we skip
DDoS protection?
Edge vendor discussion only; focus is application limits.
GraphQL complexity?
Not covered.
Limitation?
No billing integration for overages.
Experience notes
“Retry-After exercise caught our optimistic client backoff.”