Glossary

Fixed window rate limiting

Fixed window rate limiting counts requests in discrete, non-overlapping time buckets — for example, 100 requests per 60-second window. At the start of each window the counter resets to zero. It is the simplest algorithm to implement, but has a well-known boundary exploit: clients that time requests to straddle two windows can send up to 2× the nominal limit in a short burst.

Formula: Boundary exploit: N requests at end of window + N at start of next → up to 2× nominal rate across the boundary.

Related tools

API Rate Limit Calculator

Fixed window rate limiting

Related tools

See also