Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I want to apply different rate limits to different API endpoints. For example, the api/orders endpoint should have a rate limit of 60, while the api/request endpoint should have a rate limit of 100.
RateLimiter::for('api', function (Request $request) {
return Limit::perMinute(60)->by($request->IP());
});
@sanjum How about this?
// Define rate limiters
RateLimiter::for('orders', function (Request $request) {
return \Illuminate\Cache\RateLimiting\Limit::perMinute(60)->by($request->ip());
});
RateLimiter::for('requests', function (Request $request) {
return \Illuminate\Cache\RateLimiting\Limit::perMinute(100)->by($request->ip());
});
// ....
@tisuchi Thanks for your answer. How about the other generic endpoints that belong to the API as well, such as api/settings, api/users, api/icons, and api/response? How should we handle those? Do we need to target each API route individually, or can we write a generic one that covers them all, remaining ones?
@tisuchi This is in Kernel.php
protected $middlewareGroups = [
'api' => [
'throttle:api',
],
];
@sanjum Define the limits you want, and then apply them to the routes they are relevant to? 🤷♂️ I feel you’re over-complicating the problem, here.
@sanjum I assume you are trying to apply some generic rate limiter. This could be one of the solutions!
Define a Generic Rate Limiter
// Generic rate limiter for all remaining API endpoints
RateLimiter::for('generic', function (Request $request) {
return \Illuminate\Cache\RateLimiting\Limit::perMinute(30)->by($request->ip()); // Default: 30 req/min
});
Apply the Rate Limiters in Routes
// Apply the generic rate limiter to all other API routes
Route::middleware(['throttle:generic'])->group(function () {
// Your routes....
});
Please or to participate in this conversation.