Backend concept

Rate Limiting & Backpressure

Token buckets, quotas, fair usage, cost-based limits, retry storms, and abuse protection.

Practice this concept Review missed items Back to concept map

Why this matters

Good limits protect shared backend resources without punishing normal users.

How to practice

Choose the limiting key that matches the expensive resource: IP, account, endpoint, job, or dependency.

0 active misses 0 reviewed 0 games completed

Local review for this concept

No local review items for this concept yet.

Start a focused review session for Rate Limiting & Backpressure.

Learning objectives

  • Match rate limits to the resource being protected.
  • Distinguish per-IP, per-user, per-account, cost-based, and concurrency limits.
  • Use Retry-After, backoff, jitter, and circuit breakers to reduce overload.
  • Compare routing strategies under changing server capacity.
  • Understand overload, latency, and health-aware routing.
  • Connect horizontal scaling to practical traffic distribution.

Common mistakes to avoid

  • Using only per-IP limits for authenticated or account-level abuse.
  • Applying the same raw request limit to cheap and expensive operations.
  • Relying on client-side debounce as the only protection.
  • Letting retries synchronize into a retry storm.
  • Treating all servers as equal when they have different capacity.
  • Ignoring server health during traffic spikes.

Games for Rate Limiting & Backpressure

Start with the first game, then use local review history to revisit missed decisions.

Scaling Intermediate

Rate Limit Architect

Choose rate limiting designs for realistic backend traffic patterns, from public APIs and login endpoints to queues, webhooks, and retry storms.

Time
6-9 minutes
Concept
Rate limiting, fairness, backpressure, and abuse protection
  • Data & Performance
  • Rate limiting
  • Scaling
  • 429
Play Rate Limit Architect
Scaling Intermediate

Load Balancer Challenge

Route simulated traffic across backend servers using round robin, weighted round robin, least connections, and random strategies.

Time
6-10 minutes
Concept
Load balancing strategies
  • Production Reliability
  • load balancing
  • scaling
  • latency
Play Load Balancer Challenge
APIs Intermediate

Webhook Signature Forensics

Investigate webhook requests and choose safe handling for signatures, replay windows, retries, idempotency, and durable acknowledgement.

Time
6-9 minutes
Concept
Webhook verification, replay protection, idempotency, and retry-safe processing
  • Foundations
  • webhooks
  • HMAC
  • idempotency
Play Webhook Signature Forensics