The ngrok API Gateway has launched a global rate limiting feature to ensure reliable service in the face of high request volume, allowing tenants to prioritize clients that remain within their agreed upon usage, plan for future traffic, and scale efficiently. This feature enables developers to configure rate limits with its Traffic Policy module, applying them globally or per IP address or HTTP request header value. The global rate limiter uses a sliding window algorithm to determine whether to limit a request to an endpoint, allowing bursty traffic while protecting against excessive streams of requests. Buckets can be used to specify criteria for incoming requests, ensuring fairness and preventing abusive clients from denying service to others. When the rate limit is exceeded, the rate limiter responds with an HTTP 429: Too Many Requests response, containing a Retry-After header that instructs well-behaved clients to wait before retrying the request.