Uncontrolled API access leads to abuse and downtime. Laravel provides built-in rate limiting with flexible customization. At ZIRA Software, rate limiting protects our APIs while maintaining excellent user experience for legitimate clients.
Built-in Throttle Middleware
Basic usage:
Route::middleware('throttle:60,1')->group(function () {
    Route::get('/user', function () {
        //
    });
});
Per-user limiting:
Route::middleware('auth:api', 'throttle:rate_limit,1')->group(function () {
    // Uses user's rate_limit attribute
});
Custom Rate Limiters
Define in RouteServiceProvider:
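use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;

public function boot()
{
    // Key by user ID when authenticated, otherwise by client IP.
    RateLimiter::for('api', function (Request $request) {
        return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
    });

    // Premium users are unlimited; everyone else gets 10 uploads per minute.
    // Without by() the limit would be a single counter shared by all callers.
    RateLimiter::for('uploads', function (Request $request) {
        return $request->user()?->isPremium()
            ? Limit::none()
            : Limit::perMinute(10)->by($request->user()?->id ?: $request->ip());
    });
}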
Use:
Route::middleware('throttle:api')->group(function () {
    //
});
Response Headers
Laravel automatically adds:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1623456789
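A feature test can confirm that the `api` limiter defined above is enforced and keyed per client, using the headers listed here. This is an added example, not code from the original post; it assumes the `api` limiter is registered, that tests use the `array` cache store, and it uses a hypothetical `/_throttle_probe` route and constructed client addresses.

```php
<?php

namespace Tests\Feature;

use Illuminate\Support\Facades\Route;
use Tests\TestCase;

// Added example. Assumes the `api` limiter (60 per minute, keyed by user ID
// or client IP) is registered and the test cache store is `array`.
class ApiThrottleTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();
        // Hypothetical probe route, registered only for this test.
        Route::middleware('throttle:api')->get('/_throttle_probe', fn () => 'ok');
    }

    public function test_limit_is_enforced_per_client_ip(): void
    {
        // Constructed addresses from the 203.0.113.0/24 documentation range.
        $clientA = ['REMOTE_ADDR' => '203.0.113.10'];
        $clientB = ['REMOTE_ADDR' => '203.0.113.20'];

        // The first 60 unauthenticated requests from client A are allowed,
        // and the remaining count drops by one each time.
        for ($i = 1; $i <= 60; $i++) {
            $this->withServerVariables($clientA)
                ->get('/_throttle_probe')
                ->assertOk()
                ->assertHeader('X-RateLimit-Limit', 60)
                ->assertHeader('X-RateLimit-Remaining', 60 - $i);
        }

        // Request 61 inside the same minute is rejected with 429.
        $this->withServerVariables($clientA)
            ->get('/_throttle_probe')
            ->assertStatus(429)
            ->assertHeader('Retry-After')
            ->assertHeader('X-RateLimit-Reset');

        // Client B has its own counter, so A exhausting its limit does not
        // lock B out.
        $this->withServerVariables($clientB)
            ->get('/_throttle_probe')
            ->assertOk()
            ->assertHeader('X-RateLimit-Remaining', 59);
    }
}
```

If the last assertion fails, the limiter is sharing one counter across clients, which lets a single caller exhaust the limit for everyone.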
Conclusion
Rate limiting protects APIs while maintaining usability. Laravel makes implementation straightforward with flexible customization.