Skip to content

Algorithms

POST /v1/limit supports three single-shot algorithms, selected with the algorithm field. Each takes a limit and a window_ms; how they use that window is where they differ.

  • sliding_window — a precise rolling window. There’s no burst at the window boundary: the count that matters is always “in the last window_ms,” not “since the clock last ticked over.” Use this when you need the tightest, most predictable limit.
  • token_bucket — allows bursts up to a capacity, then refills at a steady rate. Good for traffic that’s naturally spiky but should average out over time, like a client that occasionally fires a batch of requests.
  • fixed_window — the simplest and cheapest counter: it resets every fixed interval. It can admit a burst right at the reset boundary, but for many use cases that’s an acceptable trade for simplicity.

Starter includes sliding_window and fixed_window. Pro and Scale add concurrent_limit, which limits in-flight work rather than requests per window — see Concurrency & leases. Requesting an algorithm your plan doesn’t include returns 403 with code algorithm_not_on_plan.

Terminal window
curl -X POST https://api.detent.fr/v1/limit \
-H "Authorization: Bearer dt_live_…" \
-H "Content-Type: application/json" \
-d '{"namespace":"checkout","key":"user_42","algorithm":"sliding_window","limit":100,"window_ms":60000}'
{ "allowed": true, "remaining": 87, "reset_ms": 41230, "limit": 100 }