# Paul Tarjan - Scaling Your API With Rate Limiters (Highlights) ![rw-book-cover|256](https://stripe.com/img/v3/home/social.png) ## Metadata **Review**:: [readwise.io](https://readwise.io/bookreview/62008351) **Source**:: #from/readwise #from/reader **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[ Paul Tarjan]] **Full Title**:: Scaling Your API With Rate Limiters **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **Document Tags**:: #work **URL**:: [stripe.com](https://stripe.com/blog/rate-limiters) **Host**:: [[stripe.com]] **Highlighted**:: [[2026-07-12]] **Created**:: [[2026-07-18]] ## Highlights - Our API provides the same rate limiting behavior in both test and live modes. This makes for a good developer experience: scripts won't encounter side effects due to a particular rate limit when moving from development to production. ([View Highlight](https://read.readwise.io/read/01kxc77w7g150h2n4d8rjjrcv0)) ^1033741298 - Instead of “You can use our API 1000 times a second”, this rate limiter says “You can only have 20 API requests in progress at the same time”. ([View Highlight](https://read.readwise.io/read/01kxc78yb43ppjq6pj2b4w3v6m)) ^1033741335 - We always reserve a fraction of our infrastructure for critical requests. ([View Highlight](https://read.readwise.io/read/01kxc7bbj7yav29mbffckmbgws)) ^1033742032 - We track the number of workers with available capacity at all times. If a box is too busy to handle its request volume, it will slowly start shedding less-critical requests, starting with test mode traffic. If shedding test mode traffic gets it back into a good state, great! We can start to slowly bring traffic back. Otherwise, it’ll escalate and start shedding even more traffic. ([View Highlight](https://read.readwise.io/read/01kxc7dbmmtk7ywzqe4hgthep5)) ^1033742571 - We use the [token bucket algorithm](https://en.wikipedia.org/wiki/Token_bucket) to do rate limiting. This algorithm has a centralized bucket host where you take tokens on each request, and slowly drip more tokens into the bucket. If the bucket is empty, reject the request. ([View Highlight](https://read.readwise.io/read/01kxc7g71n7tvk1trdyyj6jc5k)) ^1033742810 - Build in safeguards so that you can turn off the limiters. ([View Highlight](https://read.readwise.io/read/01kxc7j9whywmccp8p3cs0xf3x)) ^1033743011 - Start by building a Request Rate Limiter. It is the most important one to prevent abuse, and it’s by far the one that we use the most frequently. ([View Highlight](https://read.readwise.io/read/01kxc7m1vhg5m8323v1e5ywrzk)) ^1033743082