# Postgres to Redis Rate Limiting Migration Reference

## Overview

This document provides guidance for migrating API rate limiting from Postgres to Redis in the Fiddy Finance Buddy App. It covers:

- Rate limiting tiers and keying strategies
- Migration triggers and operational considerations
- Redis setup, scaling, monitoring, and best practices
- Example config (not enabled by default)

---

## Rate Limiting Tiers & Keying

- **Auth endpoints (login/register):** Strict limits per IP and identifier (email)
- **Write endpoints (POST/PUT/DELETE):** Moderate limits per user and IP
- **Read endpoints (GET):** Higher limits per user and IP
- **Keying:**
  - Unauthenticated: IP only
  - Auth endpoints: IP + email
  - Authenticated: user ID + IP

---

## Migration Triggers

Switch to Redis if:

- API request volume or burst traffic causes DB contention or latency
- Postgres rate limit table grows rapidly or cleanup becomes burdensome
- You need native TTL, atomic counters, or horizontal scaling

---

## Redis Management & Planning

### Setup

- Provision Redis (self-hosted or managed)
- Secure networking, secrets, and access control
- Integrate Redis client in backend (e.g., `ioredis` or `redis` npm package)

### Scaling

- Monitor memory usage, eviction policy, and connection pools
- Use Redis clustering/replication for high availability

### Monitoring

- Set up alerting for latency, memory, and connection errors
- Track rate limit key usage and eviction

### TTL & Data Retention

- Use Redis native TTL for expiring rate limit keys
- No manual cleanup required

### Backup

- Backups are optional for rate limit counters
- Focus on monitoring and HA

---

## Example Redis Config (Not Enabled by Default)

### docker-compose.yml (add, but comment out)

```
# redis:
#   image: redis:7
#   ports:
#     - "6379:6379"
#   restart: unless-stopped
```

### .env.example

```
# REDIS_URL=redis://localhost:6379
```

### Node.js Integration Example

```
// ...existing code...
// import Redis from 'ioredis';
// const redis = new Redis(process.env.REDIS_URL);
// ...existing code...
```

---

## Best Practices

- Document migration triggers in backend guidance
- Keep Redis config ready but disabled until needed
- Reference this doc in PROJECT_INSTRUCTIONS.md for future backend work

---

## References

- [Redis Official Docs](https://redis.io/docs/)
- [ioredis npm package](https://www.npmjs.com/package/ioredis)
- [Rate limiting patterns](https://redis.io/docs/management/rate-limiting/)

---

_Last updated: 2026-02-09_
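
The keying rules from "Rate Limiting Tiers & Keying" combined with the atomic counters and native TTL named under "Migration Triggers", as an added example that is not part of the project's own code. The tier limits, the `rl:` key prefix, and the `fakeRedis` in-memory stand-in are assumptions introduced here so the example runs offline; `checkRateLimit` accepts any client exposing `incr`, `expire` and `ttl`.

```javascript
// Tier limits are assumed values for illustration; the page gives none.
const TIERS = {
  auth: { limit: 5, windowSec: 900 },   // strict: login/register
  write: { limit: 60, windowSec: 60 },  // moderate: POST/PUT/DELETE
  read: { limit: 300, windowSec: 60 },  // higher: GET
};

// Keying from the page: auth = IP + email, authenticated = user ID + IP,
// unauthenticated = IP only. Key prefix "rl:" is a hypothetical naming choice.
function rateLimitKey(tier, { ip, userId, email }) {
  if (tier === 'auth') {
    // Normalize and encode the email so case/whitespace variants share one
    // counter and user input cannot inject key separators.
    const id = encodeURIComponent(String(email || '').trim().toLowerCase());
    return `rl:auth:${ip}:${id}`;
  }
  return userId ? `rl:${tier}:u:${userId}:${ip}` : `rl:${tier}:ip:${ip}`;
}

// Fixed-window counter for any client exposing incr/expire/ttl (ioredis does).
async function checkRateLimit(redis, tier, req) {
  const { limit, windowSec } = TIERS[tier];
  const key = rateLimitKey(tier, req);
  const count = await redis.incr(key);
  let ttl = await redis.ttl(key);
  // First hit, or a key left without expiry by a crash between INCR and
  // EXPIRE (TTL -1): set the window so no counter lives forever.
  if (count === 1 || ttl === -1) {
    await redis.expire(key, windowSec);
    ttl = windowSec;
  }
  const allowed = count <= limit;
  return { allowed, remaining: Math.max(0, limit - count), retryAfterSec: allowed ? 0 : ttl };
}

// Constructed in-memory stand-in for Redis so the example runs offline.
function fakeRedis(now = () => Date.now()) {
  const store = new Map(); // key -> { n, exp }
  const live = (k) => {
    const e = store.get(k);
    if (e && e.exp !== null && e.exp <= now()) store.delete(k);
    return store.get(k);
  };
  return {
    async incr(k) { const e = live(k) || { n: 0, exp: null }; e.n += 1; store.set(k, e); return e.n; },
    async expire(k, s) { const e = live(k); if (e) e.exp = now() + s * 1000; return e ? 1 : 0; },
    async ttl(k) { const e = live(k); return !e ? -2 : e.exp === null ? -1 : Math.ceil((e.exp - now()) / 1000); },
  };
}
```

In the backend, an `ioredis` instance created from `REDIS_URL` would be passed in place of `fakeRedis()`.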