Design a distributed rate limiter that caps how many requests a client (API key / IP) can make per time window.
How to approach it
Close by naming what breaks first under load, what you would cut under time pressure, and the one sentence that captures the system’s essence. Identifying the first bottleneck and the consistency/latency tradeoffs is the strongest senior signal you can give.
What breaks first
A hot client key overloading a single counter shard, or the Redis round-trip adding latency.
What to cut under pressure
- per-route custom windows (start with one global policy)
Remember
It is a shared-counter problem: the real decisions are algorithm (token bucket), where state lives, and fail-open vs fail-closed.