How would you design a rate-limiting system for a public-facing API to prevent abuse while ensuring high availability?