Client is an unreliable place to enforce rate limiting because client requests can be forged by malicious actors.
Using rate limiter middleware
As an alternative, we can also create a rate limiter middleware.
Using API gateways
Due to the popularity of cloud microservices, rate limiting is usually implemented within a component called API gateway
If your system already uses microservice architecture and includes an API gateway to perform authentication, IP whitelisting, etc, it is better to add the rate limiter to the API gateway instead of implementing it in the server
