Implementing a Simple Rate Limiter in Go

By Alessandro D.P.3 min readMarch 13, 2026

The token bucket algorithm allows a fixed number of tokens to be generated over time, where each request consumes a token. If no tokens are available, the request is denied or delayed until a token becomes available. This method is effective for controlling the rate of requests while allowing bursts of traffic.

Implementation Steps

Define the Rate Limiter Structure
Implement Token Generation
Create a Request Handling Function
Test the Rate Limiter

Step 1: Define the Rate Limiter Structure

First, we need to define the structure of our rate limiter. This will include fields for the maximum number of tokens, the refill rate, and the current number of tokens.

package main

import (
    "sync"
    "time"
)

type RateLimiter struct {
    maxTokens     int
    tokens        int
    refillRate    time.Duration
    lastRefill    time.Time
    mu            sync.Mutex
}

Step 2: Implement Token Generation

Next, we will implement a method to refill tokens based on the defined refill rate. This method will run in a separate goroutine.

func NewRateLimiter(maxTokens int, refillRate time.Duration) *RateLimiter {
    rl := &RateLimiter{
        maxTokens:  maxTokens,
        tokens:     maxTokens,
        refillRate: refillRate,
        lastRefill: time.Now(),
    }

    go rl.refillTokens()
    return rl
}

func (rl *RateLimiter) refillTokens() {
    for {
        time.Sleep(rl.refillRate)
        rl.mu.Lock()
        if rl.tokens < rl.maxTokens {
            rl.tokens++
        }
        rl.lastRefill = time.Now()
        rl.mu.Unlock()
    }
}

Step 3: Create a Request Handling Function

Now, we will create a function that will handle incoming requests. It will check if a token is available and either allow the request or deny it.

func (rl *RateLimiter) Allow() bool {
    rl.mu.Lock()
    defer rl.mu.Unlock()

    if rl.tokens > 0 {
        rl.tokens--
        return true
    }
    return false
}

Step 4: Test the Rate Limiter

Finally, we will implement a simple test to simulate incoming requests and observe how the rate limiter behaves.

func main() {
    rl := NewRateLimiter(5, 1*time.Second)

    for i := 0; i < 10; i++ {
        if rl.Allow() {
            println("Request allowed")
        } else {
            println("Request denied")
        }
        time.Sleep(200 * time.Millisecond)
    }
}

Summary of Key Concepts

Concept	Description
Rate Limiter	A mechanism to control the number of requests a user can make in a timeframe.
Token Bucket Algorithm	Allows for bursts of requests while maintaining an overall limit.
Goroutines	Lightweight threads managed by the Go runtime, ideal for concurrent tasks.
Mutex	A synchronization primitive to protect shared data from concurrent access.

Best Practices

Concurrency Control: Always use synchronization mechanisms like sync.Mutex to protect shared resources.
Testing: Simulate various load scenarios to ensure your rate limiter behaves as expected under different conditions.
Configuration: Allow dynamic configuration of the rate limits and refill rates based on user roles or API endpoints.

By implementing a rate limiter using the token bucket algorithm, you can effectively manage traffic to your services, ensuring fair usage and protecting against abuse.

Learn more with useful resources: