Guzzle Rate Limiter Middleware Laravel Package

Product Decisions This Supports

• API Rate Limiting for External Services: Enables compliance with third-party API rate limits (e.g., payment gateways, weather APIs, or social media platforms) without manual retry logic or risking throttling.
• Cost Optimization: Reduces unnecessary API calls and potential penalties (e.g., AWS API limits, Stripe rate limits) by enforcing disciplined request patterns.
• Scalability for Microservices: Supports distributed systems by allowing custom storage backends (e.g., Redis) for cross-process rate limiting.
• Roadmap for API Reliability: Prioritizes building a robust API layer by integrating rate limiting early, avoiding last-minute refactoring for throttling issues.
• Build vs. Buy: Favors "buy" for rate limiting logic, freeing engineering time to focus on core features while leveraging a battle-tested, MIT-licensed solution.
• Use Cases:
  • E-commerce: Prevent overloading payment processors (e.g., Stripe, PayPal).
  • Data Pipelines: Control scraping/fetching frequency for external data sources.
  • IoT/Telemetry: Throttle device API calls to avoid cloud provider costs or bans.
  • Internal Tools: Protect internal APIs from abuse by client applications.

When to Consider This Package

• Adopt When:

  • Your application interacts with external APIs with strict rate limits (e.g., >100 requests/minute).
  • You need predictable throttling behavior (e.g., for billing or SLA guarantees).
  • Your team lacks time to build/maintain a custom rate-limiting solution.
  • You’re using Guzzle (or can integrate it) for HTTP requests in a Laravel/PHP stack.
  • You require cross-process consistency (use the Redis driver or implement a custom store).

• Look Elsewhere If:

  • You’re using a non-Guzzle HTTP client (e.g., Symfony HTTP Client, cURL directly).
  • Your rate limits are dynamic or per-user (this package focuses on fixed global limits; consider spatie/laravel-rate-limiting for Laravel-specific needs).
  • You need advanced features like burst capacity, token buckets, or machine learning-based throttling (e.g., envoy/ratelimit for Envoy).
  • Your team prefers serverless/edge rate limiting (e.g., Cloudflare Workers, AWS Lambda@Edge).

How to Pitch It (Stakeholders)

For Executives:

"This lightweight package lets us enforce API rate limits programmatically, reducing risks of throttling, cost overruns, or service disruptions from third-party APIs. For example, if we’re integrating with Stripe or a weather API, it ensures we stay within their limits automatically—saving dev time and avoiding last-minute outages. It’s a plug-and-play solution with minimal overhead, and the MIT license means no vendor lock-in. Given [X]’s reliance on [API Provider], this could prevent [Y] dollars in potential penalties or downtime."

For Engineering:

*"The spatie/guzzle-rate-limiter-middleware gives us a simple way to add rate limiting to Guzzle requests. Key benefits:

• Zero custom code for basic limits (e.g., 100 requests/minute).
• Sleep-based backoff: Automatically pauses requests when limits are hit, avoiding retries or exponential backoff logic.
• Extensible: Swap the in-memory store for Redis or a custom driver for distributed systems.
• Lightweight: ~500 LOC, no Laravel dependency (works in any PHP app). Use case: Add this to our HttpClient class for all external API calls. For per-user limits, we’d layer on Laravel’s built-in rate limiting. Let’s prototype it for [API Provider] first—should take <1 hour to implement."*