Throttling to limit customer requests
In this section we will learn how to limit the number of requests that a client can make. This is particularly useful for a REST API or for our web application: with it, we can prevent abuse in which a user makes many requests in a short period of time. For example:
Route::middleware('throttle:60,1')->group(function () {
    // Your routes here
});
With the previous code, the parameters 60 and 1 indicate that the user can send 60 requests within 1 minute.
Video transcript
I wanted to show you how you can limit the requests sent by a client, that is, deny a client's requests when it sends too many in a certain time. You might wonder why this is useful; there are several reasons:
- One of them may be to improve the performance of the application, for example by preventing a client from making multiple requests to our server in a short time. Another is simply to limit access to some resource: suppose you are running a kind of raffle in which the more requests you send, the more chances you have of winning. An attacking client could then use a bot to send multiple requests in a short time simply to improve its chances of winning the prize.
- Another example could be a service in which users are subscribed and pay a certain amount of money, and therefore have a certain number of requests they can make in a certain time, for example 30 requests or 100 requests in a month, depending on what they paid for. You can also limit it that way, so that the user can only make those 30 requests to a protected resource in that month. You can place this on any type of route, whether the routes defined at the web level or at the API level, so those are some examples of how it works and what you could use it for.
As you can already assume at this point, it is middleware:
Route::middleware('throttle:60,1')->group(function () {
    // Your routes here
});
Remember that middleware is the intermediary; we have already used and implemented some, and this one works in the following way. Usually we will want to apply it to grouped routes: we define a group, place inside it the routes that have to comply with the middleware, and pass the middleware a couple of parameters:
60,1
What does this mean? Here we indicate how many requests the client can make in a certain time, and this time is expressed in minutes. Therefore, in this example the client can make 60 requests within a period of one minute, and that is practically all there is to it.
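As an added example (not from the original post and not Laravel's own code), this plain-PHP model shows what the two parameters of throttle:60,1 mean for a client that exceeds the limit and for a second client sending at the same time. The class FixedWindowLimiter, its method, the client keys and the timestamps are hypothetical and constructed; the model assumes one fixed window per client that starts at that client's first request.

```php
<?php
// Added example: simplified fixed-window model of 'throttle:60,1'.
// FixedWindowLimiter is a hypothetical class, not Laravel's internal code.
final class FixedWindowLimiter
{
    /** @var array<string, array{count:int, resetAt:int}> one counter per client key */
    private array $windows = [];

    public function __construct(
        private int $maxAttempts,  // first parameter (60)
        private int $decayMinutes, // second parameter (1), expressed in minutes
    ) {}

    /** @return array{allowed:bool, remaining:int, retryAfter:int} */
    public function attempt(string $clientKey, int $now): array
    {
        $w = $this->windows[$clientKey] ?? null;
        // Open a new window on the first request or once the old window has expired.
        if ($w === null || $now >= $w['resetAt']) {
            $w = ['count' => 0, 'resetAt' => $now + $this->decayMinutes * 60];
        }
        // Only accepted requests consume the budget; rejected ones do not extend the window.
        $allowed = $w['count'] < $this->maxAttempts;
        if ($allowed) {
            $w['count']++;
        }
        $this->windows[$clientKey] = $w;
        return [
            'allowed'    => $allowed,
            'remaining'  => $this->maxAttempts - $w['count'],
            'retryAfter' => $allowed ? 0 : $w['resetAt'] - $now, // seconds until the window resets
        ];
    }
}

// Constructed scenario: one client sends 61 requests, two per second.
$limiter = new FixedWindowLimiter(60, 1);
$t0 = 1_700_000_000; // constructed Unix timestamp
for ($i = 1; $i <= 61; $i++) {
    $r = $limiter->attempt('user:42', $t0 + intdiv($i - 1, 2));
}
printf("request 61: allowed=%s retryAfter=%ds\n", var_export($r['allowed'], true), $r['retryAfter']);
// A different client key has its own counter and is unaffected.
$other = $limiter->attempt('user:7', $t0 + 30);
printf("other client: allowed=%s remaining=%d\n", var_export($other['allowed'], true), $other['remaining']);
// Once the one-minute window has expired, the first client is accepted again.
$later = $limiter->attempt('user:42', $t0 + 60);
printf("after window: allowed=%s remaining=%d\n", var_export($later['allowed'], true), $later['remaining']);
```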
If you try to go beyond the limit, you will see a screen like the following that says 419 too many requests, blocking access. You can use it on the web routes and also on the REST API for this purpose.
You have now learned to limit the number of requests that the client can make in a certain time.
We will see how to limit client requests using middleware in the routes.
- Andrés Cruz
This material is part of my complete course and book; you can purchase them from the books and/or courses section, Curso y Libro Laravel 12 con Tailwind Vue 3, introducción a Jetstream Livewire e Inerta desde cero - 2025.