Which rate-limiting algorithm smooths out request bursts better than a fixed window by constantly checking the rate over a moving time period?
The rate-limiting algorithm that smooths out request bursts better than a fixed window by constantly checking the rate over a moving time period is the Sliding Window Counter algorithm.

Rate limiting is a technique that controls the number of requests a client can make to a service within a specific timeframe, preventing abuse, overuse, and denial-of-service attacks. A request burst occurs when a high volume of requests arrives in a very short period.

The fixed window algorithm counts requests within a non-overlapping time interval, such as one minute. For instance, if the limit is 100 requests per minute, a new window starts every minute, and the counter resets. The main weakness of the fixed window is that a client could send a rapid burst of requests at the end of one window and another rapid burst at the beginning of the next, effectively doubling the allowed rate in a short period around the window boundary, which can still overwhelm the system.

The Sliding Window Counter algorithm overcomes this limitation by combining the count from the current fixed window with a weighted portion of the count from the previous fixed window. When a request arrives, the algorithm calculates how many requests have occurred in the current fixed window. It also looks back at the counter for the previous fixed window and determines what proportion of that previous window's requests still fall within the current sliding time period. For example, if the current time is 30 seconds into the current one-minute window, the algorithm considers the last 30 seconds of the previous minute. It then takes a weighted count of requests from the previous window (e.g., 50% of the previous window's total if 50% of its duration overlaps with the current sliding window) and adds it to the current window's request count. The sum of these two counts represents the total requests within the full, moving one-minute window ending at the current request time.

If this combined total exceeds the defined limit, the request is denied. This continuous evaluation over a constantly moving time period effectively prevents the double-burst problem of fixed windows, providing a much smoother and more accurate enforcement of the rate limit.
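The boundary burst described above, run against both algorithms, as an added example that is not part of the original answer. The class names, the injected `now` timestamps (seconds, assumed non-decreasing) and the constructed burst at 59 s and 61 s are assumptions for illustration, and the admit rule counts the incoming request toward the combined total.

```python
class FixedWindow:
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.index, self.count = None, 0

    def allow(self, now):
        idx = int(now // self.window)
        if idx != self.index:              # new window: counter resets
            self.index, self.count = idx, 0
        if self.count >= self.limit:
            return False
        self.count += 1
        return True


class SlidingWindowCounter:
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.index, self.curr, self.prev = None, 0, 0

    def allow(self, now):
        idx = int(now // self.window)
        if idx != self.index:
            # Carry the old count only if it belongs to the adjacent window;
            # after a longer gap the previous window saw no traffic.
            adjacent = self.index is not None and idx == self.index + 1
            self.prev = self.curr if adjacent else 0
            self.index, self.curr = idx, 0
        elapsed = now - idx * self.window
        # Fraction of the previous window still inside the sliding period.
        weight = (self.window - elapsed) / self.window
        if self.prev * weight + self.curr + 1 > self.limit:
            return False                   # combined total would exceed limit
        self.curr += 1
        return True


def boundary_burst(limiter, burst=100):
    """Constructed traffic: one burst at 59 s, another at 61 s."""
    times = [59.0] * burst + [61.0] * burst
    return sum(limiter.allow(t) for t in times)


if __name__ == "__main__":
    print("fixed window admitted:  ", boundary_burst(FixedWindow(100, 60)))
    print("sliding counter admitted:", boundary_burst(SlidingWindowCounter(100, 60)))
```

The weighted count assumes the previous window's requests were spread evenly across it, so the result is an estimate of the true moving-window total, not an exact count.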