Requirements review #298
Description
Hello!
I would like to confirm a few points/assumptions:
Rules:
- Rules priority: assuming that they do not have priority in this first version.
- Combined Rules: assuming that all of them are executed (AND multiple rules).
- Extendable rules: I am assuming that this should be addressed by the design of the solution, allowing the creation of new rules when a requirement came in for a new rule. I am assuming that recompiling the application is acceptable.
- Default Rule: assuming that an endpoint without a rate limit rule is open for consumption.
Architecture Assumptions:
- As described in the exercise, I am assuming that the Rate Limiter could be a separate service, shared across multiple servers or processes, that will be deployed in a layer between the client and the APIs.
- The Rate Limiter can be used in a distributed environment, i.e., we can have more than one instance of the Rate Limiter.
- I am also assuming, for the purposes of this exercise, that the Rate Limiter will be used in a high-scale environment, i.e., it must be able to handle a large number of requests.
- Security: I am assuming, for the sake of simplicity, that concerns with client token validation and rotation are outside the scope of the Rate Limiter.
Thanks!