Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi everyone!
I have a basic SaaS app where my users can access my API. I have three plans:
Free: 500 requests/month Pro: 2500 requests/month Business: 15000 requests/month
I am trying to figure out how to best validate for the above.
Right now I just have a simple ApiController that is calling below on every request hitting an API endpoint:
public function updateRequests()
{
$userId = auth('api')->user()->id;
DB::table('users')
->where('id', $userId)
->update([
'requests' => DB::raw('requests + 1'),
]);
}
As you can see the above simply increment a requests column for the specific user on each request.
With this I am not able to check if the user is within his/her usage limit of a given month.
I was thinking of adding a api_requests table, that simply holds:
id | user_id | created_at | updated_at
Because then I can somehow group by created_at for a given month and check whether or not that the specific user is allowed to make additional requests for that month.
However, a drawback of this approach is that this table will quickly get bloated.
Any ideas on how I can solve this issue?
There is an increment Builder method you know! Otherwise, there is nothing scoping the request to the current month.
Redis can also be a useful solution for a simple counter you could put a key comprised of the userId, year and month so that there is scope that is missing above.
If you do not need the historical request count, then you could purge the old data periodically.
Please or to participate in this conversation.