# Paul Tarjan - Scaling Your API With Rate Limiters (Highlights)

## Metadata
**Review**:: [readwise.io](https://readwise.io/bookreview/62008351)
**Source**:: #from/readwise #from/reader
**Zettel**:: #zettel/fleeting
**Status**:: #x
**Authors**:: [[ Paul Tarjan]]
**Full Title**:: Scaling Your API With Rate Limiters
**Category**:: #articles #readwise/articles
**Category Icon**:: 📰
**Document Tags**:: #work
**URL**:: [stripe.com](https://stripe.com/blog/rate-limiters)
**Host**:: [[stripe.com]]
**Highlighted**:: [[2026-07-12]]
**Created**:: [[2026-07-18]]
## Highlights
- Our API provides the same rate limiting behavior in both test and live modes. This makes for a good developer experience: scripts won't encounter side effects due to a particular rate limit when moving from development to production. ([View Highlight](https://read.readwise.io/read/01kxc77w7g150h2n4d8rjjrcv0)) ^1033741298
- Instead of “You can use our API 1000 times a second”, this rate limiter says “You can only have 20 API requests in progress at the same time”. ([View Highlight](https://read.readwise.io/read/01kxc78yb43ppjq6pj2b4w3v6m)) ^1033741335
- We always reserve a fraction of our infrastructure for critical requests. ([View Highlight](https://read.readwise.io/read/01kxc7bbj7yav29mbffckmbgws)) ^1033742032
- We track the number of workers with available capacity at all times. If a box is too busy to handle its request volume, it will slowly start shedding less-critical requests, starting with test mode traffic. If shedding test mode traffic gets it back into a good state, great! We can start to slowly bring traffic back. Otherwise, it’ll escalate and start shedding even more traffic. ([View Highlight](https://read.readwise.io/read/01kxc7dbmmtk7ywzqe4hgthep5)) ^1033742571
- We use the [token bucket algorithm](https://en.wikipedia.org/wiki/Token_bucket) to do rate limiting. This algorithm has a centralized bucket host where you take tokens on each request, and slowly drip more tokens into the bucket. If the bucket is empty, reject the request. ([View Highlight](https://read.readwise.io/read/01kxc7g71n7tvk1trdyyj6jc5k)) ^1033742810
- Build in safeguards so that you can turn off the limiters. ([View Highlight](https://read.readwise.io/read/01kxc7j9whywmccp8p3cs0xf3x)) ^1033743011
- Start by building a Request Rate Limiter. It is the most important one to prevent abuse, and it’s by far the one that we use the most frequently. ([View Highlight](https://read.readwise.io/read/01kxc7m1vhg5m8323v1e5ywrzk)) ^1033743082