rate-limit

Outbound rate limiting is one of those “quiet reliability” features: customers rarely notice it until it’s missing. I prefer a simple token bucket using golang.org/x/time/rate because it’s well-tested and easy to reason about. Each call waits for a to

Rate limits are normal in production; what matters is how clients behave when they hit them. Instead of hammering an upstream with immediate retries, I parse Retry-After (seconds) and sleep before retrying. I still keep an upper bound so one request d

If you expose an API to the public internet, you need a basic guardrail against bursts. I like a token bucket with rate.NewLimiter because it’s easy to reason about: steady-state rate plus a burst capacity. The middleware checks Allow() and returns 42