SKILL-066 Security, testing, and operations Locked skill

Rate limiting

Rate limiting is a counter per key per window: pick the key (user or IP), pick the window, and always tell the caller when to retry with Retry-After.

01

What this skill helps you build

Cap how often a caller can hit an endpoint — count requests per key per time window and return 429 + Retry-After when the limit is exceeded.
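A minimal in-memory version of the counter described above, added here as an illustration and not taken from the skill itself. The class name, the limit of 3 requests per 60 seconds, the sample keys and the fake clock are all assumptions, and the window is a fixed one aligned to the clock.

```python
import math
import time


class FixedWindowLimiter:
    """Counter per key per window; names and limits here are illustrative."""

    def __init__(self, limit, window_seconds, clock=time.time):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self.counters = {}  # key -> (window_index, count)

    def check(self, key):
        """Return (status, headers) for one request from `key`."""
        now = self.clock()
        index = int(now // self.window)
        stored_index, count = self.counters.get(key, (index, 0))
        if stored_index != index:
            count = 0  # a new window started, so the counter resets
        if count >= self.limit:
            # Seconds until the current window ends, rounded up so the
            # caller never retries while the old window is still open.
            retry_after = max(1, math.ceil((index + 1) * self.window - now))
            return 429, {"Retry-After": str(retry_after)}
        self.counters[key] = (index, count + 1)
        return 200, {}

    def sweep(self):
        """Drop counters from past windows so memory does not grow per key."""
        index = int(self.clock() // self.window)
        self.counters = {k: v for k, v in self.counters.items() if v[0] == index}


def demo():
    """Constructed scenario: 3 requests per 60 s, keyed by user id or IP."""
    t = [120.0]  # fake clock, constructed for the example
    limiter = FixedWindowLimiter(limit=3, window_seconds=60, clock=lambda: t[0])
    results = []
    for step in (0, 10, 10, 5):  # four requests from the same key
        t[0] += step
        results.append(limiter.check("user:42"))
    results.append(limiter.check("ip:203.0.113.7"))  # different key, own counter
    t[0] = 180.0  # first second of the next window
    results.append(limiter.check("user:42"))
    return results
```

The counters live in one process's memory, so several workers behind a load balancer would each enforce their own limit unless the counts are kept in a shared store.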


02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

What this helps you build

A guardrail that caps how often a single caller can hit an endpoint. You count requests against a key (a user id, an API key, or an IP) inside a fixed window of time, and once the co

When to use this

Reach for a rate limit on any endpoint where unlimited calls are dangerous or expensive: Authentication — login, password reset, OTP/2FA verification, signup. These are the prime t

The core idea

A rate limit is a counter per key per window. You decide three things: 1. The key — what counts as "one caller". For login, key by IP and by the submitted username; for an API, ke
