Rate limitingthat doesn't break.
Redis-backed request control, API key management, live observability, and production-grade enforcement through one clean service.
Built like infrastructure.
Designed like a tool.
Fixed window, sliding window, and token bucket. Pick per route.
Backed by Redis. No race conditions. Globally consistent counters.
Every check is logged. Every block is visible. No black boxes.
# Create a rate-limit rule
curl -X POST https://ratesheild.onrender.com/check \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"key": "user:123",
"algo": "sliding",
"window": 60,
"limit": 100
}'
# Response
# 200 OK → request allowed
# 429 → rate limit exceededWhy not just use Redis INCR?
You could. Here's what you'd also have to build and maintain.
Redis INCR + EXPIRE is two commands. Between them, keys leak. RateShield uses Lua scripts for atomic check-and-increment.
You need sorted sets, ZREMRANGEBYSCORE, ZCARD, and cleanup logic — all atomically. One missed edge case and your limits drift.
Hash maps, fractional refill math, last-refill timestamps. Get the math wrong and you either throttle users or let traffic through.
Per-user isolation, API key management, revocation, audit logs, dashboard. That's weeks of work before you write your first rate limit.
Stop guessing.Start measuring.
Free for the first 100k requests/month. No card required.
Get your API key