Rate Limiting
Apiato uses Laravel Rate Limiting feature to protect your API from abuse and to ensure stability.
This feature is only applied to API requests, and not to web requests and is enabled by default.
How it works
Given the rate limit window is 1 minute per endpoint,
with individual calls allowing for 30 requests in each window each user is allowed
to make 30 calls per endpoint every 1 minute
(for each unique access token).
Configuration
Rate limiting configuration is done in the app/Ship/Configs/apiato.php config file.
Rate Limiting Headers
For how many hits you can perform on an endpoint, you can always check the header:
X-RateLimit-Limit → 30
X-RateLimit-Remaining → 29
Disable Rate Limiting
The API rate limiting middleware name is api and is assigned to all API endpoints by default.
You can disable it on specific endpoints or globally.
On a specific endpoint
Rate limiting can be disabled
by removing the api middleware from an endpoint using withoutMiddleware('throttle:api') method.
Read More.
Globally
To disable rate limiting completely, set GLOBAL_API_RATE_LIMIT_ENABLED to false in the .env file.