Rate-limiting per-user API keys without a queue

Token buckets in Postgres, no Redis, and a hot-key strategy that doesn't pretend hot keys won't exist.

Amy TeamMarch 10, 20261 min read

Every rate-limit blog post says "use Redis." Most products don't have a Redis. We didn't either, so we asked whether Postgres alone could carry the load — and the answer was, comfortably, yes.

A token-bucket row per user, an update ... returning for atomic decrement, and a sliding window cap to absorb burst skew. The hot-path is one round-trip; the worst-case is one round-trip; we never had to introduce a new datastore for a feature that's cheaper than the data it protects.

More in Amy Engineering

View all →

Amy Engineering

How is Amy's credit system

How we ship a credit-based ledger that survives partial failures, refunds, and webhook re-deliveries — without losing a single cent.

Henry NgApril 22, 20263 min read

Amy Engineering

How we sandbox untrusted browser tools

Running an agent's browser actions next to production data is a footgun. Here's the isolation model we landed on.

Amy TeamApril 7, 20261 min read

Amy Engineering

Observability for long-running agent runs

Traces work great until your span outlives your trace exporter. Notes from instrumenting eight-hour agent jobs.

Amy TeamMarch 31, 20261 min read