Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

sameed_editz's avatar

why rate limiter response not showing correct? am i using it right? help

app service provider

RateLimiter::for('api', function (Request $request) {
            $maxAttempts = 6;
            $key = optional($request->user())->id ?: $request->ip();

            $remainingAttempts = RateLimiter::remaining($key, $maxAttempts);
            $remainingSeconds = RateLimiter::availableIn($key, $maxAttempts);

            return Limit::perMinute($maxAttempts)->by($key)->response(function (Request $request, array $headers) use ($remainingAttempts, $remainingSeconds) {
                return response()->json([
                    'message' => "Too many requests. Remaining attempts: $remainingAttempts. Try again in $remainingSeconds seconds.",
                ], 429, $headers);
            });
        });

response im getting on request

{
    "message": "Too many requests. Remaining attempts: 6. Try again in 0 seconds."
}
0 likes
5 replies
s4muel's avatar
s4muel
1 year ago
Best Answer
Level 50

most of your code uses route rate limiting (https://laravel.com/docs/12.x/routing#rate-limiting), the by() method indeed uses a $key to segment rate limits by a value. but this is (for good reasons) not the $key under which the value is stored in redis (or other cache you use for rate limit storage). it internally translates to some hash like e9b6cc1432541b9ceebf113eee05eeba (https://github.com/illuminate/routing/blob/12.x/Middleware/ThrottleRequests.php#L131).

so when you use the RateLimiter class (https://laravel.com/docs/12.x/rate-limiting#basic-usage), you get "full remaining attempts" because you check something else (different keys in cache). same same but different:)

but there is a $headers array in the callback you could use. just get the remaining value from there

RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(6)->by(optional($request->user())->id ?: $request->ip())->response(function (Request $request, array $headers) {
                return response()->json([
                    'message' => "Too many requests. Remaining attempts: {$headers['X-RateLimit-Remaining']}. Try again in {$headers['Retry-After']} seconds.",
                ], 429, $headers);
            });
        });

but the remaining attempts will be always 0 in the case you return the "Too many requests" response, so... you know.

s4muel's avatar

@sameed_editz glad it helped (you could also mark it as best answer 🙌) I'm not that proficient in filament, but feel free to start a new discussion in filament channel, someone might help 🤞

sameed_editz's avatar

@s4muel brother will u become my friend, i have no friend of laravel i code alone :( like sometimes i need suggestion like should i do this or that? or how to implement such feature?

ik i shouldnt ask this here tho

i would try my best to not be a burden on you 🤭hehe

1 like

Please or to participate in this conversation.