Rate Limiting in C# — Don't Let Your API Get Hammered

If you run a public API without rate limiting, it's only a matter of time before a runaway client, a misconfigured retry loop, or a well-intentioned load test brings your service to its knees. .NET 7 shipped a first-class rate-limiting API — no third-party middleware required. This post walks through every knob you can turn.

Prerequisite: the built-in rate limiter lives in System.Threading.RateLimiting and the ASP.NET Core middleware in Microsoft.AspNetCore.RateLimiting. Both ship in the box from .NET 7 onwards.

Why rate limiting matters

Rate limiting protects three things simultaneously: your infrastructure from overload, your downstream dependencies from fan-out abuse, and your legitimate users from a noisy neighbour hogging capacity. It also plugs a class of denial-of-service vectors that auth alone can't stop.

The four built-in algorithms

Prerequisite: the built-in rate limiter lives in System.Threading.RateLimiting and the ASP.NET Core middleware in Microsoft.AspNetCore.RateLimiting. Both ship in the box from .NET 7 onwards.

Why rate limiting matters

The four built-in algorithms

Rate Limiting in C# — Don't Let Your API Get Hammered

Rate Limiting in C# — Don't Let Your API Get Hammered

Related reading

Building a Rate Limiter That Actually Works

API Throttling: Algorithms, Patterns & Mistakes

Rate Limiting Done Right: Respecting X's Anti-Abuse Stack

Rate limiting in web apps: what to protect before picking a library

API Design for High-Throughput Systems: Rate Limiting, Versioning, Idempotency

How to Implement Exponential Backoff for Rate-Limited APIs in Python

Related reading

Building a Rate Limiter That Actually Works

API Throttling: Algorithms, Patterns & Mistakes

Rate Limiting Done Right: Respecting X's Anti-Abuse Stack

Rate limiting in web apps: what to protect before picking a library

API Design for High-Throughput Systems: Rate Limiting, Versioning, Idempotency

How to Implement Exponential Backoff for Rate-Limited APIs in Python