How do I set up route-specific rate limits in Laravel using artisansdk/ratelimiter?

Use the `RateLimit` middleware in your route definitions or groups. For example, add `middleware(RateLimit:api, max:60)` to your routes file. The package automatically resolves limits from `.env` or config files per route. You can also define custom limits in the middleware’s `handle()` method for dynamic rules.

Does artisansdk/ratelimiter support Laravel 9.x or only Laravel 10+?

The package targets Laravel 10.x+, but you can check its `composer.json` for version constraints or backward compatibility flags. If unsupported, consider alternatives like `spatie/laravel-rate-limiting` for older Laravel versions, which offer broader version support.

Can I use a database instead of Redis for rate limiting in production?

Yes, the package supports database-backed storage as a fallback, but it’s not recommended for high-traffic production environments due to performance overhead. Use Redis for distributed systems or Memcached for simpler setups. Ensure your database has proper indexing on the rate-limiting key column for efficiency.

How does the leaky bucket algorithm differ from fixed-window rate limiting?

The leaky bucket algorithm allows bursts of traffic up to the bucket’s capacity while gradually refilling tokens at a fixed rate (e.g., 60 tokens/minute). Unlike fixed-window limits, it doesn’t reset counts abruptly, making it ideal for APIs with variable traffic patterns like payment gateways or auth systems.

What happens if Redis fails in a distributed Laravel setup?

The package defaults to a fallback mechanism (e.g., database or in-memory storage) if Redis is unavailable, but it fails closed by default—meaning requests are rejected. To handle transient failures gracefully, implement retry logic in your application layer or configure the middleware to log violations instead of blocking requests.

Can I customize the 429 Too Many Requests response for my API?

Yes, override the default response in your middleware’s `handle()` method. Return a JSON response with custom headers (e.g., `Retry-After`) or a user-friendly message. Example: `return response()->json(['error' => 'Rate limit exceeded'], 429)->header('Retry-After', $this->retryAfter);`.

Is artisansdk/ratelimiter suitable for high-frequency trading APIs (e.g., sub-second rate limits)?

The package supports sub-second precision for token refills, but its effectiveness depends on your Redis configuration. For high-frequency APIs, ensure Redis is properly tuned (e.g., low latency, persistent connections) and consider using Lua scripts for atomic token updates to avoid race conditions.

How do I test rate limiting in my Laravel application?

Use Laravel’s HTTP tests to simulate bursts of requests. For example, `public function test_rate_limiting() { $response = $this->get('/api/endpoint'); $this->assertResponseSuccessful(); $this->get('/api/endpoint', [], ['HTTP_X_RAPIDAPI_KEY' => 'test']); $this->assertResponseStatus(429); }`. Mock Redis or use a test database for isolated testing.

Does the package support IP-based or user-based rate limiting out of the box?

The package supports both user-based (via Laravel’s auth system) and IP-based rate limiting out of the box. For user-based limits, pass the authenticated user’s ID to the middleware. For IP-based limits, use the client’s IP address as the key. Custom middleware can combine both for granular control.

What are the alternatives to artisansdk/ratelimiter for Laravel rate limiting?

Consider `spatie/laravel-rate-limiting` for broader Laravel version support and built-in metrics, or `laravel/throttle` for simpler fixed-window limits. For advanced use cases like circuit breakers, combine this package with `spatie/laravel-circuitbreaker`. Evaluate based on your need for leaky bucket precision, middleware integration, or observability.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Ratelimiter Laravel Package

artisansdk/ratelimiter

Laravel rate limiting package providing flexible throttling for routes and actions with configurable rules, storage drivers, and easy middleware integration. Helps protect APIs from abuse, control request bursts, and manage per-user or per-IP limits with clear, adjustable settings.

View on GitHub

Deep Wiki

Context7

A leaky bucket rate limiter and corresponding middleware with route-level granularity compatible with Laravel.

Frequently asked questions about Ratelimiter

How do I set up route-specific rate limits in Laravel using artisansdk/ratelimiter?: Use the `RateLimit` middleware in your route definitions or groups. For example, add `middleware(RateLimit:api, max:60)` to your routes file. The package automatically resolves limits from `.env` or config files per route. You can also define custom limits in the middleware’s `handle()` method for dynamic rules.
Does artisansdk/ratelimiter support Laravel 9.x or only Laravel 10+?: The package targets Laravel 10.x+, but you can check its `composer.json` for version constraints or backward compatibility flags. If unsupported, consider alternatives like `spatie/laravel-rate-limiting` for older Laravel versions, which offer broader version support.
Can I use a database instead of Redis for rate limiting in production?: Yes, the package supports database-backed storage as a fallback, but it’s not recommended for high-traffic production environments due to performance overhead. Use Redis for distributed systems or Memcached for simpler setups. Ensure your database has proper indexing on the rate-limiting key column for efficiency.
How does the leaky bucket algorithm differ from fixed-window rate limiting?: The leaky bucket algorithm allows bursts of traffic up to the bucket’s capacity while gradually refilling tokens at a fixed rate (e.g., 60 tokens/minute). Unlike fixed-window limits, it doesn’t reset counts abruptly, making it ideal for APIs with variable traffic patterns like payment gateways or auth systems.
What happens if Redis fails in a distributed Laravel setup?: The package defaults to a fallback mechanism (e.g., database or in-memory storage) if Redis is unavailable, but it fails closed by default—meaning requests are rejected. To handle transient failures gracefully, implement retry logic in your application layer or configure the middleware to log violations instead of blocking requests.
Can I customize the 429 Too Many Requests response for my API?: Yes, override the default response in your middleware’s `handle()` method. Return a JSON response with custom headers (e.g., `Retry-After`) or a user-friendly message. Example: `return response()->json(['error' => 'Rate limit exceeded'], 429)->header('Retry-After', $this->retryAfter);`.
Is artisansdk/ratelimiter suitable for high-frequency trading APIs (e.g., sub-second rate limits)?: The package supports sub-second precision for token refills, but its effectiveness depends on your Redis configuration. For high-frequency APIs, ensure Redis is properly tuned (e.g., low latency, persistent connections) and consider using Lua scripts for atomic token updates to avoid race conditions.
How do I test rate limiting in my Laravel application?: Use Laravel’s HTTP tests to simulate bursts of requests. For example, `public function test_rate_limiting() { $response = $this->get('/api/endpoint'); $this->assertResponseSuccessful(); $this->get('/api/endpoint', [], ['HTTP_X_RAPIDAPI_KEY' => 'test']); $this->assertResponseStatus(429); }`. Mock Redis or use a test database for isolated testing.
Does the package support IP-based or user-based rate limiting out of the box?: The package supports both user-based (via Laravel’s auth system) and IP-based rate limiting out of the box. For user-based limits, pass the authenticated user’s ID to the middleware. For IP-based limits, use the client’s IP address as the key. Custom middleware can combine both for granular control.
What are the alternatives to artisansdk/ratelimiter for Laravel rate limiting?: Consider `spatie/laravel-rate-limiting` for broader Laravel version support and built-in metrics, or `laravel/throttle` for simpler fixed-window limits. For advanced use cases like circuit breakers, combine this package with `spatie/laravel-circuitbreaker`. Evaluate based on your need for leaky bucket precision, middleware integration, or observability.

Popularity trends

Recorded values over time (once-a-day snapshots). May 8, 2026 – Jun 6, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

150

Favorites

151

Forks

Score

19.2

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 150

+0.8
Forks

input: 15

+0.4
Open issues + PRs

input: 1

+0.1
Releases

input: 10

+3.0
Recency

input: 102

+14.4
Issue opportunity

input: 1

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 18.7

Opportunity

45.1

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

72.2
Contribution need

open_issues + open_prs: 1

0.0
Health factor

archived + recency + open issues

×0.96

Total 44.9

License

MIT

Last release

Feb 23, 2026

Watchers

Downloads

116K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope