Zero Signup ToolsFree browser tools

Developer Tools

API Rate Limit Calculator

Design and analyze API rate limits across fixed window, sliding window, sliding counter, token bucket, and leaky bucket. RPS, burst, refill, and reject rate.

Mode

Design a rate limit

Pick an algorithm and target capacity. The tool reports the steady-state budget, burst, refill time, and reject rate for your expected traffic.

Presets

Common published limits

Drop in the documented limit for a popular API or reference shape, then read the budgets in the panel below.

Policy

Pick an algorithm and the published numbers. All math runs locally.

Algorithm

How many requests are allowed inside each window before the next one is rejected.

The time interval the limit applies to. Pick the unit the provider publishes.

The rate at which YOUR clients send requests. The tool estimates how many will be rejected by the policy above. Leave blank to skip.

Per second

1.67

req/s

Fixed window steady-state

Per minute

100

req/min

Sustained throughput at the cap

Per hour

6,000

req/h

At the steady-state rate

Per day

144,000

req/day

86,400 second budget

Policy details

Counts requests in non-overlapping walls of time. Easy to publish (5,000 per hour) but allows a worst-case 2x burst across window boundaries.

Max burst

100 req

Requests allowed in a single window before the next is rejected.

Refill time

1 min

Time before the next window resets and the budget is restored.

Min spacing

600 ms

Smallest delay between requests to stay at the steady-state rate.

Formula

rps = 100 / 60 s = 1.67 req/s

Budget timeline

How many requests the policy accepts over time at the steady-state rate.

0 s, 0 req120 s, 200 req accepted
10s
20s
30s
40s
50s
60s
70s
80s
90s
100s
110s
120s

Bars show how many requests the policy accepts at the steady-state rate of 1.67 req/s. Buckets and sliding-window policies allow short bursts above this line, while fixed-window policies can double the burst at window boundaries.

Plain text report

Copy a copy-friendly block for a runbook, ticket, or design doc.

API Rate Limit Calculator

Algorithm:        Fixed window
Limit:            100 requests
Window:           1 minute (60 s)

Steady-state budget
  per second:     1.67 req/s
  per minute:     100 req/min
  per hour:       6,000 req/h
  per day:        144,000 req/day

Burst and timing
  max burst:      100 requests
  refill time:    1 min
  min spacing:    600 ms between requests

Formula:          rps = 100 / 60 s = 1.67 req/s

Which algorithm should I use?

A short reference. Pick the row that matches your reliability and fairness goals.

AlgorithmBurstMemory costBorder attackCommon use
Fixed windowUp to 2 x N1 counterVulnerableQuotas published as "N per hour". Simplest to implement.
Sliding window logNN timestampsSafeStrict per-tenant limits. Higher cost at scale.
Sliding counterN2 countersNear safeNginx, Cloudflare, Redis gateways. Best ratio of accuracy to cost.
Token bucketB (bucket size)1 counter + timestampSafeMost public APIs (Stripe, Discord, AWS). Allows controlled bursts.
Leaky bucketB (queue size)Queue of BSafeAPI gateways that enforce a per-second cap. Smooths bursty traffic.

How to use

  1. Pick a preset (GitHub REST, OpenAI, Stripe, Cloudflare, AWS API Gateway, or others) to drop in published limits, or start tuning the inputs from defaults.
  2. Choose an algorithm. Fixed Window is the simplest, Sliding Window log is the strictest, Sliding Counter is the cheapest accurate option, Token Bucket allows controlled bursts, Leaky Bucket smooths bursty traffic into a steady output.
  3. Enter the Limit (requests per window for window algorithms, bucket capacity for bucket algorithms) and either the Window length (per second, minute, hour, or day) or the Refill rate.
  4. Read the headline budget in requests per second, minute, hour, and day, along with the Max burst, Refill time, and Min spacing required between requests.
  5. Optionally enter an Expected arrival rate to estimate how many requests the policy will reject, the reject share, and the worst-case burst it can be tricked into accepting.
  6. Click Copy report to grab a plain-text summary ready to paste into a runbook, design doc, ticket, or code review.

About this tool

API Rate Limit Calculator turns the rate-limit numbers a provider publishes (or a number you are about to publish for your own API) into the budgets engineers actually plan against. Pick one of five algorithms (Fixed Window, Sliding Window log, Sliding Counter, Token Bucket, Leaky Bucket), enter the limit and either a window length or a refill rate, and the tool reports the steady-state throughput as requests per second, per minute, per hour, and per day; the maximum burst that lands back to back without delay; the time required for a fully depleted budget to refill; and the minimum spacing between requests required to stay at the cap. An optional Expected arrival rate field overlays your own traffic on top of the policy and returns a Reject estimate: rejected requests per second, per minute, and per hour, the share of incoming traffic that fails, and the worst-case burst the policy can be tricked into accepting (including the well-known fixed-window border-burst attack that doubles the visible quota at every window boundary). Twelve presets drop in the published limits from popular APIs as a starting point: GitHub REST authenticated and unauthenticated, X (Twitter) v2 Free, OpenAI tier 1 chat, Stripe live mode, Discord global bot, Slack Web API tier 2, RapidAPI free, AWS API Gateway throttle default, Cloudflare Workers free, plus three reference shapes for public, internal, and burst-heavy APIs. A timeline strip shows how many requests the policy accepts over a horizon long enough to cover at least one refill cycle, and a reference table summarises burst behaviour, memory cost, and border-attack safety so you can pick the right algorithm in seconds: Fixed Window for the simplest quota publishing, Sliding Window log for the strictest per-tenant enforcement, Sliding Counter for the Nginx and Cloudflare style approximation, Token Bucket for the Stripe and AWS style controlled-burst pattern, and Leaky Bucket for the per-second shape that an API gateway enforces. A plain-text report panel produces a copy-friendly summary ready to paste into a runbook, a design document, or a code review. Useful for backend engineers sizing API quotas, SREs writing throttling runbooks, API consumers planning their client to stay under a third-party budget, growth teams costing out a public integration, and anyone who has ever had to translate 5,000 requests per hour into something they could plan a worker pool around. All math runs in your browser; the limits, refill rates, and arrival rates you enter never leave your device.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

Exponential Backoff Calculator

Plan retry delays with exponential backoff and jitter, with totals and a schedule.

Open tool

Developer

SLA Uptime Calculator

Allowed downtime for any SLA percentage from 90% to six nines, across all periods.

Open tool

Developer

HTTP Headers Parser

Parse, classify, and decode HTTP headers, with a missing security headers audit.

Open tool

Developer

HTTP Status Codes

Searchable HTTP status code reference with meaning, class, RFC, and examples.

Open tool

Developer

CORS Preflight Simulator

See whether a cross-origin request passes the browser CORS algorithm and why.

Open tool

Developer

cURL Command Builder

Form-driven builder that emits curl, PowerShell, HTTPie, wget, fetch, and raw HTTP/1.1.

Open tool

All toolsDeveloper Tools