# API Security and Rate Limiting: Implementation Guide and Best Practices

## Overview

API security must address authentication, authorization and traffic governance together. Sensible rate limits and resource quotas keep a service stable and fairly shared under high concurrency and attack conditions.

## Identity and scope

- Use JWTs that carry `sub`, `scope` and an expiry time
- Fine-grained scopes restrict access to specific resources and actions
- The backend derives rate quotas and concurrency thresholds from `scope`

## Token bucket rate limiting

```ts
class TokenBucket {
  capacity: number   // maximum burst size
  tokens: number     // tokens currently available
  refillRate: number // tokens added per second
  lastRefill: number // timestamp (ms) of the last refill

  constructor(capacity: number, refillPerSec: number) {
    this.capacity = capacity
    this.tokens = capacity
    this.refillRate = refillPerSec
    this.lastRefill = Date.now()
  }

  // Refill proportionally to elapsed time, then try to spend `cost` tokens.
  allow(cost = 1): boolean {
    const now = Date.now()
    const delta = (now - this.lastRefill) / 1000
    this.tokens = Math.min(this.capacity, this.tokens + delta * this.refillRate)
    this.lastRefill = now
    if (this.tokens >= cost) {
      this.tokens -= cost
      return true
    }
    return false
  }
}
```

## Leaky bucket shaping

```ts
class LeakyBucket {
  capacity: number // maximum queued work before requests are rejected
  queue: number    // work currently queued
  leakRate: number // units drained per second
  lastLeak: number // timestamp (ms) up to which the queue has been drained

  constructor(capacity: number, leakPerSec: number) {
    this.capacity = capacity
    this.queue = 0
    this.leakRate = leakPerSec
    this.lastLeak = Date.now()
  }

  // Drain first, then accept the request only if it still fits in the bucket.
  enqueue(size = 1): boolean {
    this.leak()
    if (this.queue + size > this.capacity) return false
    this.queue += size
    return true
  }

  leak(): void {
    const now = Date.now()
    const delta = (now - this.lastLeak) / 1000
    const leaked = Math.floor(delta * this.leakRate)
    // Advance the clock only by the time actually drained; otherwise sub-unit
    // intervals between frequent calls would be discarded and the bucket would never leak.
    if (leaked > 0) {
      this.queue = Math.max(0, this.queue - leaked)
      this.lastLeak += (leaked / this.leakRate) * 1000
    }
  }
}
```

## Combined strategy

- Use a token bucket keyed by anonymous client/IP as the baseline
- For authenticated users, layer additional quotas and priority on top according to `scope`
- Apply leaky-bucket shaping to high-risk endpoints so that momentary peaks do not overwhelm the backend
- Allow/deny lists and geographic/ASN profiling improve blocking efficiency

## Response format

```json
{
  "error": "rate_limited",
  "retry_after": 2.5,
  "limit": 120,
  "remaining": 0,
  "scope": "orders:write"
}
```

## Operations and monitoring

- Metrics: rejection rate, average wait time, quota utilization, false-positive (wrongly blocked) rate
- Playbook: when attack activity rises, lower anonymous quotas and raise the rollout percentage of challenges
- Auditing: record the rate-limited subject, endpoint, source and time window

Layered rate limiting combined with scope governance delivers a stable and fair API service in complex traffic environments.
