API Rate Limiter

Implement a per-customer rate limiter for an API. Each customer is allowed X requests per Y seconds. When a request arrives, you must decide whether to accept or reject it based on the customer’s recent request history. You will implement a class or set of functions that support two operations: 1) hit(customer_id, timestamp) – record that a request arrived for the customer at the given timestamp (integer seconds), and 2) is_allowed(customer_id, timestamp) – return true if the customer has not exceeded their quota within the last Y seconds, otherwise return false. You must clean up expired entries lazily (only when processing a hit or allowed call) to keep memory bounded. The solution should efficiently support high throughput with many customers and many requests per second.