Implement a Rate Limiter
Reported by candidates from Roblox's online assessment. Pattern, common pitfall, and the honest play if you blank under the timer.
Roblox asked this in May 2026, and it's a classic design question that looks simpler than it is. You're building a rate limiter that tracks requests by key (user ID, IP, etc.) and decides ALLOW or REJECT based on a sliding or fixed window. The trap is handling the window logic correctly and picking the right data structure to track timestamps efficiently. StealthCoder can spot the window boundary math if you blank on the logic.
The problem
Implement a rate limiter that decides whether each incoming request should be allowed at a given timestamp. Each request contains a string key such as a user id, IP address, or API name, and a non-negative integer timestamp. Given a time window of length window seconds and a maximum limit limit, allow at most limit requests for the same key inside any valid window. For each request, return whether it is ALLOWed or REJECTed. Timestamps arrive in non-decreasing order. You may implement either a fixed-window or sliding-window policy, but the behavior must be consistent with the examples. Function Description Complete the function applyRateLimiter in the editor below. applyRateLimiter has the following parameters: Returns String[]: one result per request, each being ALLOW or REJECT. The third request from alice arrives inside the same 10-second window as the first two and exceeds the limit. Later requests are evaluated against later windows. Only one request per 5-second window is allowed for the same key in this example.
Reported by candidates. Source: FastPrep
Pattern and pitfall
Rate limiting is a design problem, not a pure algorithm one. The core trick is tracking request timestamps per key within a time window. A hash table maps keys to lists of timestamps, and for each request you check how many timestamps fall within the current window. If you use a fixed window, you need to know when boundaries occur. With a sliding window, you trim old timestamps and count what remains. The pitfall is off-by-one errors on window boundaries and not cleaning up old data, which wastes memory. Most candidates default to a deque or list per key and scan backwards to prune. StealthCoder handles the boundary math for you if you get stuck mid-interview.
Drill it cold or hedge it with StealthCoder. Either way, don't walk into the OA hoping you remember the trick.
You can drill Implement a Rate Limiter cold, or you can hedge it. StealthCoder runs invisibly during screen share and surfaces a working solution in under 2 seconds. The proctor sees the IDE. They don't see what's behind it. Made for the candidate who got the OA invite this morning and has 72 hours, not six months.
Get StealthCoderRelated leaked OAs
This OA pattern shows up on LeetCode as design an atm machine. If you have time before the OA, drill that.
You've seen the question.
Make sure you actually pass Roblox's OA.
Roblox reuses patterns across OAs. Made for the candidate who got the OA invite this morning and has 72 hours, not six months. Works on HackerRank, CodeSignal, CoderPad, and Karat.
Implement a Rate Limiter FAQ
Fixed or sliding window, which does Roblox want?+
The problem says you can implement either one as long as behavior matches the examples. The examples suggest a sliding-window approach: the third request from alice arrives 5 seconds after the first, still inside the 10-second window, so it's rejected. Sliding window is safer if you're unsure.
What data structure should I use?+
Hash table (map/dict) as the outer layer, keyed by the request key (user ID, IP, etc.). For each key, maintain a deque or list of recent timestamps. Deque is ideal because you can pop expired timestamps from the front in O(1) time.
How do I handle the timestamp window logic?+
For sliding window: remove all timestamps older than (current_timestamp - window). Count remaining timestamps. If count < limit, allow and add current timestamp. If count >= limit, reject. Off-by-one errors are common here, so test boundaries carefully.
Is this a memory issue at scale?+
Yes. If a key has millions of requests, storing every timestamp wastes memory. A counter approach (tracking count and reset time) uses O(1) space per key but only works for fixed windows. For sliding, you need timestamps, so pruning expired ones aggressively is critical.
What's the most common mistake candidates make?+
Not handling the window boundary correctly. Candidates often use > instead of >= or forget to include the current request in the count before deciding. Another: not removing old timestamps, so memory grows unbounded. Test with edge cases like multiple requests at the same timestamp.