Laravel Api Rate Limiting Throttle, Increase Limit Greater Than 60

Setting the api throttle middleware less than 60 works like this:

Route::get('myapi/{value}/{anothervalue}', 'MyApiController@getStuff')->middleware('throttle:5,1');

However, any setting greater than 60 is ignored:

Route::get('myapi/{value}/{anothervalue}', 'MyApiController@getStuff')->middleware('throttle:100,1');

I tried playing with the default $maxAttempts = 60 in the ThrottleRequests class, and that doesn't work. Could there be another overriding throttle besides this Middleware that limits requests to 60 per minute per IP?

stwilson

9 years ago

Best Answer

Level 16

I found it in Kernel.php:

        'api' => [
            'throttle:60,1',
            'bindings',
        ],

This was overriding any setting set above.

6 likes

llyupll

7 years ago

Level 5

Holy crap, literally just made an account to tell you that this was the most helpful thing I've ever seen @stwilson Thank You!

1 like

Nicholaus

6 years ago

Level 4

@stwilson thanks!

Not sure why this is completely absent from the documentation at https://laravel.com/docs/5.8/routing#rate-limiting

srenert

4 years ago

Level 1

I"m trying to implement this with Laravel 8 and it doesn't seem to be working. I changed the throttle to use the RateLimiter as suggested in the documentation. I've cleared cached in laravel, nothing seems to be taking any affect.... The requests always stop at 60

Kernel.php

protected $middlewareGroups = [
    'web' => [
        EncryptCookies::class,
        AddQueuedCookiesToResponse::class,
        StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        ShareErrorsFromSession::class,
        VerifyCsrfToken::class,
        SubstituteBindings::class,
    ],

    'api' => [
        EnsureFrontendRequestsAreStateful::class,
        'throttle:10,1',
        SubstituteBindings::class,
    ],
];

RouteServiceProvider.php

public function boot()
{
    $this->configureRateLimiting();
    parent::boot();
}

protected function configureRateLimiting()
{
    RateLimiter::for('oauth_tvs', function (Request $request) {
        return Limit::perMinute(10)->by(optional($request->user())->id ?: $request->ip());
    });
}

api.php

Route::get('/throttle/{amount}', 'SomeController@throttleBatch')->middleware(['throttle:oauth_tvs']);

SomeController.php

public function throttleBatch(Request $request, $amount) {
    // Going to throttle up to $amount of requests
    try {
        $httpClient = new Client();
        for ($i = 0; $i <= $amount; $i++) {
            $req = $httpClient->post("someAPI", []);
            $response = $req->getBody()->getContents();
			Log::info("Success!");
        }
    } catch (\Throwable $e) {
        Log::info("errorCode: {$e->getCode()}");
    }
}

Please or to participate in this conversation.