Who am I?

Hi, I'm ttatsato. I'm currently developing an open-source API Gateway that sits in front of an API server and lets developers easily manage plan-based rate limiting, API Key issuance, authentication, and usage tracking — all by simply "plugging it in" to an existing server. I believe public APIs will become even more essential as AI agents become the primary way we interact with SaaS, so I want this Gateway to be both robust and highly flexible. In this article, I explore which rate-limiting algorithm best fits that goal, alongside a review of the fundamental concepts.

Types of Rate Limiting Algorithms

Fixed Window

The fixed window algorithm resets its counter at specific time intervals. Suppose we establish a rule of 100 requests per second. The system counts all incoming requests within the one-second window from 10:00:00.000 to 10:00:00.999, then resets at 10:00:01.000.

Pros

The concept and implementation are exceptionally straightforward — just count requests per interval.…
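
The fixed window counter described above, as an added example that is not code from the article or the author's gateway: a per-API-key limiter with an injected clock, so the 10:00:00.000 to 10:00:00.999 window and the reset at 10:00:01.000 can be checked directly. The class name, the `allow` method, the key names and the sample date are assumptions made for illustration; state is kept in-process and is not thread-safe.

```python
from datetime import datetime, timezone


class FixedWindowLimiter:
    """Fixed-window counter: one counter per API key, reset at each window boundary."""

    def __init__(self, limit, window_ms=1000):
        self.limit = limit          # e.g. 100 requests ...
        self.window_ms = window_ms  # ... per 1000 ms window
        self._state = {}            # api_key -> (window_index, count)

    def allow(self, api_key, now_ms):
        """Return True if a request at now_ms (epoch milliseconds) is within the limit."""
        # Integer division aligns windows to clock boundaries: every timestamp
        # from 10:00:00.000 to 10:00:00.999 maps to the same index, and
        # 10:00:01.000 is the first timestamp of the next one.
        window = now_ms // self.window_ms
        seen_window, count = self._state.get(api_key, (window, 0))
        if seen_window != window:
            count = 0  # a new window has started: the counter resets
        if count >= self.limit:
            # Rejected requests do not increment the counter.
            self._state[api_key] = (window, count)
            return False
        self._state[api_key] = (window, count + 1)
        return True


def ms(hh, mm, ss, milli):
    """Constructed helper: epoch ms for a UTC clock time on an arbitrary sample date."""
    base = datetime(2024, 1, 1, hh, mm, ss, tzinfo=timezone.utc)
    return int(base.timestamp()) * 1000 + milli


def demo():
    """Replay the article's 100 requests/second rule on constructed timestamps."""
    limiter = FixedWindowLimiter(limit=100, window_ms=1000)
    start, end, nxt = ms(10, 0, 0, 0), ms(10, 0, 0, 999), ms(10, 0, 1, 0)
    first_100 = all([limiter.allow("key-A", start) for _ in range(100)])
    over_limit = limiter.allow("key-A", end)   # 101st request, same window
    other_key = limiter.allow("key-B", end)    # each API key has its own counter
    after_reset = limiter.allow("key-A", nxt)  # next window: counter is back to 0
    return first_100, over_limit, other_key, after_reset


if __name__ == "__main__":
    print(demo())
```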