[zoogeny]

I would suspect that for the vast majority of use cases, using Redis as a rate-limiter is totally sufficient until major traffic is expected.

I mean, Redis isn't a replacement for WAF or some other CDN-like-soak (e.g. Cloudflare). But for basic APIs on authenticated CRUD apps with even 10s of millions of DAUs (maybe 10k concurrent users) - I think it is probably fine.

If you need something more than Redis for rate limiting, you'll know it. I prefer to keep it simple at the start.