dont forget apostrophes in contractions, and lowercase the first word.

im designing a new public-facing api and need to implement effective rate limiting to prevent abuse and ensure fair usage. ive looked into a few approaches like token bucket, leaky bucket, and fixed window counters. each seems to have pros and cons. what are your go-to strategies for rate limiting? are there any common pitfalls to watch out for, especially when dealing with distributed systems and ensuring accuracy across multiple api instances