How to avoid hot grain? 10,000 request/s

Partition your grains some other way, to avoid a hot-spot.

I have a grain that gets the token, it is only related to the tenant. When the tenant's customer enters the system, he must obtain the current tenant's token to know which one is the customer. The token is refreshed every 2 hours. Also, only 24 times a day is allowed. Customers may access up to 1,000 reqeust/s. Of course, if direct webapi, write a service that calls the token, there is redis. It's easy to get and store. But now how to implement all microdot-based microservices?

Not sure I understood the issue. Typically you'll authenticate requests and validate tokens before entering your microservices cloud, in some API gateway. If you do want to authenticate requests in a micro-service, you can perform that in the stateless service grain, which has multiple instances (typically one per cpu core, on each node) so it shouldn't be a bottleneck.

thanks.