Common financial API rate-limiting protection algorithms include:
- Token Bucket Algorithm:
  - Maintains a bucket of tokens, each representing an API request. Tokens are added at a fixed rate. When a request arrives, it consumes a token if available; otherwise, it's throttled.
  - Example: A payment gateway allows 100 requests per minute. The bucket refills at 100 tokens/minute, and each request deducts one token.
- Leaky Bucket Algorithm:
  - Requests are processed at a fixed rate (like water leaking from a bucket). Excess requests queue or are dropped if the bucket overflows.
  - Example: A stock trading API processes 50 requests/sec. If traffic spikes to 100/sec, the extra 50 are delayed or rejected.
- Fixed Window Counter:
  - Tracks requests in fixed time windows (e.g., 1 minute). If the count exceeds the limit, further requests are blocked until the window resets.
  - Example: A banking API allows 1,000 logins per minute. Once 1,000 requests hit in a minute, new ones are denied until the next window.
- Sliding Window Log:
  - Records each request's timestamp. Rejects requests if the number of recent timestamps exceeds the limit, providing smoother throttling than fixed windows.
  - Example: A credit card API allows 200 transactions per 5 minutes, dynamically checking the last 5 minutes' logs.
- Sliding Window Counter:
  - Combines fixed windows and counters. Divides time into smaller segments (e.g., 12 segments for a 5-minute window) to approximate smooth rate-limiting.
  - Example: A financial data API limits 10,000 queries per 5 minutes, using 12 segments of 25 seconds each.
For scalable implementations, Tencent Cloud API Gateway supports these algorithms with configurable rules, monitoring, and auto-scaling to handle financial API traffic securely.