Request → IP Limit → User Limit → Organization Limit → Endpoint Limit → Allow/Deny

// JavaScript/TypeScript example
async function makeAPIRequest(requestFn) {
  try {
    const response = await requestFn()
// Check rate limit headers
const remaining = parseInt(response.headers['x-ratelimit-remaining'])
const reset = parseInt(response.headers['x-ratelimit-reset'])

if (remaining < 10) {
  const resetTime = new Date(reset * 1000)
  console.log(`Rate limit low. Resets at: ${resetTime}`)
  
  // Slow down requests
  await new Promise(resolve => setTimeout(resolve, 1000))
}

return response

} catch (error) {
if (error.status === 429) {
await handleRateLimit(error)
return makeAPIRequest(requestFn) // Retry
}
throw error
}
}

async function exponentialBackoff(requestFn, maxRetries = 5) {
  let attempt = 0
while (attempt < maxRetries) {
try {
return await requestFn()
} catch (error) {
  if (error.status === 429) {
    attempt++
    
    // Get retry delay from header or calculate
    const retryAfter = error.headers?.['retry-after'] || 
                      Math.pow(2, attempt) + Math.random()
    
    console.log(`Rate limited. Retrying in ${retryAfter}s (attempt ${attempt})`)
    await new Promise(resolve =&gt; setTimeout(resolve, retryAfter * 1000))
    
  } else {
    throw error
  }
}

}
throw new Error('Max retries exceeded')
}

class RequestQueue {
  constructor(requestsPerSecond = 10) {
    this.requestsPerSecond = requestsPerSecond
    this.queue = []
    this.processing = false
    this.lastRequestTime = 0
  }
async enqueue(requestFn) {
return new Promise((resolve, reject) => {
this.queue.push({ requestFn, resolve, reject })
this.processQueue()
})
}
async processQueue() {
if (this.processing || this.queue.length === 0) return
this.processing = true

while (this.queue.length > 0) {
  const { requestFn, resolve, reject } = this.queue.shift()
  
  // Ensure minimum time between requests
  const now = Date.now()
  const timeSinceLastRequest = now - this.lastRequestTime
  const minInterval = 1000 / this.requestsPerSecond
  
  if (timeSinceLastRequest < minInterval) {
    await new Promise(r => setTimeout(r, minInterval - timeSinceLastRequest))
  }
  
  try {
    const result = await requestFn()
    resolve(result)
  } catch (error) {
    if (error.status === 429) {
      // Put request back at front of queue
      this.queue.unshift({ requestFn, resolve, reject })
      
      const retryAfter = (error.headers?.['retry-after'] || 30) * 1000
      await new Promise(r => setTimeout(r, retryAfter))
    } else {
      reject(error)
    }
  }
  
  this.lastRequestTime = Date.now()
}

this.processing = false

}
}
// Usage
const requestQueue = new RequestQueue(15) // 15 requests per second
const result = await requestQueue.enqueue(() =>
supabase.from('agents').select('*')
)

import time
import requests
from functools import wraps
class RateLimiter:
def init(self, max_requests=100, time_window=60):
self.max_requests = max_requests
self.time_window = time_window
self.requests = []
def wait_if_needed(self):
    now = time.time()
    
    # Remove old requests outside the window
    self.requests = [req_time for req_time in self.requests 
                    if now - req_time < self.time_window]
    
    if len(self.requests) >= self.max_requests:
        # Calculate wait time
        oldest_request = min(self.requests)
        wait_time = self.time_window - (now - oldest_request)
        
        if wait_time > 0:
            time.sleep(wait_time + 0.1)  # Add small buffer
    
    self.requests.append(now)

def with_rate_limiting(rate_limiter):
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
rate_limiter.wait_if_needed()
        max_retries = 3
        for attempt in range(max_retries):
            try:
                response = func(*args, **kwargs)
                
                if hasattr(response, 'status_code') and response.status_code == 429:
                    retry_after = int(response.headers.get('retry-after', 30))
                    time.sleep(retry_after)
                    continue
                
                return response
                
            except requests.exceptions.RequestException as e:
                if attempt == max_retries - 1:
                    raise
                time.sleep(2 ** attempt)  # Exponential backoff
        
        return response
    return wrapper
return decorator

Usage
rate_limiter = RateLimiter(max_requests=100, time_window=60)
@with_rate_limiting(rate_limiter)
def api_request(url, **kwargs):
return requests.get(url, **kwargs)

import java.time.Instant;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
public class RateLimiter {
private final Semaphore semaphore;
private final int maxRequests;
private final long timeWindowMs;
private volatile long windowStart;
private volatile int requestCount;
public RateLimiter(int maxRequests, long timeWindowMs) {
    this.maxRequests = maxRequests;
    this.timeWindowMs = timeWindowMs;
    this.semaphore = new Semaphore(maxRequests);
    this.windowStart = System.currentTimeMillis();
    this.requestCount = 0;
}

public void acquire() throws InterruptedException {
    long now = System.currentTimeMillis();
    
    synchronized (this) {
        if (now - windowStart >= timeWindowMs) {
            // Reset window
            semaphore.release(maxRequests - semaphore.availablePermits());
            windowStart = now;
            requestCount = 0;
        }
    }
    
    semaphore.acquire();
    requestCount++;
}

public void release() {
    // Don't release immediately - let time window handle it
    // This prevents burst beyond the rate limit
}

public boolean tryAcquire(long timeout, TimeUnit unit) throws InterruptedException {
    return semaphore.tryAcquire(timeout, unit);
}

}
// Usage with HTTP client
public class APIClient {
private final RateLimiter rateLimiter;
private final HttpClient httpClient;
public APIClient() {
    this.rateLimiter = new RateLimiter(100, 60000); // 100 requests per minute
    this.httpClient = HttpClient.newHttpClient();
}

public HttpResponse<String> makeRequest(HttpRequest request) throws Exception {
    rateLimiter.acquire();
    
    try {
        HttpResponse<String> response = httpClient.send(
            request, 
            HttpResponse.BodyHandlers.ofString()
        );
        
        if (response.statusCode() == 429) {
            String retryAfter = response.headers()
                .firstValue("retry-after")
                .orElse("30");
            
            Thread.sleep(Integer.parseInt(retryAfter) * 1000);
            return makeRequest(request); // Retry
        }
        
        return response;
        
    } finally {
        rateLimiter.release();
    }
}

}

// Get rate limit status for organization
async function getRateLimitStatus() {
  const response = await supabase.functions.invoke('rate-limit-status')
return {
current_usage: response.data.current_usage,
limits: response.data.limits,
reset_times: response.data.reset_times,
burst_available: response.data.burst_available
}
}
// Example response:
{
"current_usage": {
"telemetry_write": 750,
"telemetry_read": 340,
"agents": 45,
"alerts": 12
},
"limits": {
"telemetry_write": 1000,
"telemetry_read": 500,
"agents": 200,
"alerts": 200
},
"reset_times": {
"telemetry_write": "2024-07-23T17:01:00Z",
"telemetry_read": "2024-07-23T17:01:00Z"
},
"burst_available": {
"telemetry_write": 1250,
"telemetry_read": 750
}
}

// Monitor rate limit usage
function monitorRateLimits() {
  setInterval(async () => {
    try {
      const status = await getRateLimitStatus()
  Object.entries(status.current_usage).forEach(([endpoint, usage]) => {
    const limit = status.limits[endpoint]
    const percentage = (usage / limit) * 100
    
    if (percentage > 80) {
      console.warn(`Rate limit warning: ${endpoint} at ${percentage.toFixed(1)}%`)
      
      // Send alert to monitoring system
      sendAlert({
        type: 'rate_limit_warning',
        endpoint,
        usage,
        limit,
        percentage
      })
    }
  })
  
} catch (error) {
  console.error('Failed to check rate limits:', error)
}

}, 30000) // Check every 30 seconds
}

// Instead of multiple single requests
for (const telemetryPoint of data) {
  await supabase.from('telemetry').insert(telemetryPoint)  // 100+ requests
}
// Use batch endpoint
await supabase.functions.invoke('telemetry-batch', {
body: { telemetry: data }  // 1 request
})

class CachedAPIClient {
  constructor(ttlSeconds = 300) {
    this.cache = new Map()
    this.ttl = ttlSeconds * 1000
  }
async get(key, fetchFn) {
const cached = this.cache.get(key)
if (cached && Date.now() - cached.timestamp < this.ttl) {
  return cached.data
}

const data = await fetchFn()
this.cache.set(key, {
  data,
  timestamp: Date.now()
})

return data

}
async getAgents() {
return this.get('agents', async () => {
const { data } = await supabase.from('agents').select('*')
return data
})
}
}

// Instead of separate requests
const agents = await supabase.from('agents').select('*')
const telemetry = await supabase.from('telemetry').select('*')
const alerts = await supabase.from('alerts').select('*')
// Use joins or batch queries
const data = await supabase
.from('agents')
.select(*, latest_telemetry:telemetry(*, created_at.desc.limit(1)), active_alerts:alerts(*))

class ConnectionPool {
  constructor(maxConnections = 10) {
    this.maxConnections = maxConnections
    this.connections = []
    this.waitingQueue = []
  }
async getConnection() {
if (this.connections.length < this.maxConnections) {
const connection = supabase.channel(conn-${Date.now()})
this.connections.push(connection)
return connection
}
// Wait for available connection
return new Promise(resolve =&gt; {
  this.waitingQueue.push(resolve)
})

}
releaseConnection(connection) {
if (this.waitingQueue.length > 0) {
const resolve = this.waitingQueue.shift()
resolve(connection)
}
}
}

// Contact support to configure custom limits
const customLimits = {
  organization_id: "org_01H8K2M3N4P5Q6R7S8T9U0V1W2",
  custom_limits: {
    "telemetry_write": 10000,    // 10x standard limit
    "telemetry_read": 5000,      // 10x standard limit
    "real_time_connections": 500, // 10x standard limit
    "custom_endpoints": {
      "/functions/v1/custom-processing": 2000
    }
  },
  burst_multiplier: 3.0,  // Allow 3x burst instead of 2x
  notes: "High-volume IoT deployment with 10,000+ sensors"
}

// Generate API key with specific limits
const response = await supabase.functions.invoke('generate-api-key', {
  body: {
    name: 'High Volume Telemetry Key',
    permissions: ['telemetry:write'],
    rate_limits: {
      'telemetry_write': 5000,  // Custom limit for this key
      'burst_allowance': 2.5
    },
    expires_in_days: 365
  }
})

class ResilientAPIClient {
  constructor() {
    this.fallbackData = new Map()
    this.rateLimitActive = false
  }
async fetchWithFallback(key, fetchFn, fallbackFn) {
try {
if (this.rateLimitActive) {
// Use fallback immediately if rate limited
return await fallbackFn()
}
  const data = await fetchFn()
  
  // Cache successful responses
  this.fallbackData.set(key, {
    data,
    timestamp: Date.now()
  })
  
  return data
  
} catch (error) {
  if (error.status === 429) {
    this.rateLimitActive = true
    
    // Reset flag after rate limit window
    const retryAfter = error.headers?.['retry-after'] || 60
    setTimeout(() => {
      this.rateLimitActive = false
    }, retryAfter * 1000)
    
    // Use fallback data
    return await fallbackFn()
  }
  
  throw error
}

}
async getAgentsWithFallback() {
return this.fetchWithFallback(
'agents',
() => supabase.from('agents').select('*'),
() => {
// Return cached data or basic fallback
const cached = this.fallbackData.get('agents')
if (cached && Date.now() - cached.timestamp < 300000) { // 5 min cache
return cached.data
}
    // Return minimal fallback data
    return [{ id: 'offline', name: 'Data temporarily unavailable' }]
  }
)

}
}

Request → IP Limit → User Limit → Organization Limit → Endpoint Limit → Allow/Deny