Overview
This project implements an API Rate Limiting System using Spring Boot and MongoDB. It enforces fair usage of APIs by restricting requests based on configurable rules and provides monitoring & analytics endpoints.
Features Implemented
Sliding Window (Per-Minute Limits): Restricts requests per API key within the last minute.
Fixed Window (Daily Quotas): Enforces daily request caps per API key.
Burst Handling: Allows brief request spikes above normal limits.
Endpoint-Specific Limits: Different rate limits for different API endpoints.
IP-Based Blocking: Temporarily blocks abusive IPs.
Monitoring & Analytics APIs:
/api/health → System stats (requests/min, uptime, denied requests, etc.)
/api/violations → Recent violations with reason and timestamp
Tech Stack
Java 17
Spring Boot (REST APIs, validation)
MongoDB (API keys, request logs, violations)
Maven (build tool)
Docker (optional for MongoDB)
Project Structure
src/main/java/com/rate_limiter
│
├── controller                    # REST controllers (RateLimit, Analytics, API Keys)
├── service                       # Business logic (rate limiting, analytics)
├── model                         # MongoDB entities (ApiKey, RequestLog, DTOs)
├── repository                    # Mongo repositories
└── RateLimiterApplication.java   # Entry point
Getting Started
Prerequisites
Java 17+
Maven
MongoDB (local or Docker)
The backend will start at:
API Endpoints
API Key Management
POST /api/keys → Create API Key
GET /api/keys → List all API Keys
Rate Limiting
POST /api/check-limit?endpoint=/api/test&ip=192.168.1.1
Header: X-API-KEY:
Response:
{ "allowed": true, "remaining": 998, "limit": 1000 }
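An added sketch (not the project's own code) of how the per-minute sliding window and the daily fixed window from the feature list can be combined into one decision carrying the response fields shown above. The class and field names, the in-memory map standing in for MongoDB, the reason strings and the UTC day boundary are assumptions.

```java
import java.time.LocalDate;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: in-memory stand-in for the MongoDB-backed counters (all names hypothetical).
public class LimiterSketch {
    record Decision(boolean allowed, long remaining, long limit, String reason) {}

    static final class KeyState {
        final Deque<Long> lastMinute = new ArrayDeque<>(); // timestamps (ms) of accepted requests
        LocalDate day;                                      // UTC day the daily counter belongs to
        long dailyCount;
    }

    private final Map<String, KeyState> states = new ConcurrentHashMap<>();
    private final int perMinute;
    private final long perDay;

    LimiterSketch(int perMinute, long perDay) { this.perMinute = perMinute; this.perDay = perDay; }

    Decision check(String apiKey, long nowMs) {
        KeyState s = states.computeIfAbsent(apiKey, k -> new KeyState());
        synchronized (s) { // one decision at a time per key, so check-then-increment cannot race
            // Fixed window: reset the counter when the UTC calendar day changes.
            LocalDate today = LocalDate.ofEpochDay(Math.floorDiv(nowMs, 86_400_000L));
            if (!today.equals(s.day)) { s.day = today; s.dailyCount = 0; }
            // Sliding window: drop timestamps that are 60 s old or older before counting.
            while (!s.lastMinute.isEmpty() && s.lastMinute.peekFirst() <= nowMs - 60_000L) s.lastMinute.pollFirst();

            if (s.dailyCount >= perDay) return new Decision(false, 0, perDay, "DAILY_QUOTA");
            if (s.lastMinute.size() >= perMinute) return new Decision(false, perDay - s.dailyCount, perDay, "PER_MINUTE");
            // Denied requests are not recorded, so retries while limited do not extend the lockout.
            s.lastMinute.addLast(nowMs);
            s.dailyCount++;
            return new Decision(true, perDay - s.dailyCount, perDay, null);
        }
    }

    public static void main(String[] args) {
        LimiterSketch limiter = new LimiterSketch(3, 1000); // constructed limits
        long t0 = 1_700_000_000_000L;                        // constructed timestamp
        for (int i = 0; i < 4; i++) System.out.println(limiter.check("demo-key", t0 + i * 1000L));
        System.out.println(limiter.check("demo-key", t0 + 61_000L)); // oldest timestamps have aged out
    }
}
```

Burst allowance, endpoint-specific limits and IP blocking are left out to keep the sketch to a single decision path.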
Monitoring & Analytics
GET /api/health → Live system stats
GET /api/violations?limit=10&appName=MyApp → Recent violations
Testing with cURL
curl --location --request POST 'http://localhost:8080/api/check-limit?endpoint=%2Fapi%2Ftest&ip=192.168.1.1' \
  --header 'X-API-KEY: '
Future Enhancements
Redis integration for faster request counting
JWT-based authentication for API key management
Advanced alerting for violations