How to Fix 429 Too Many Requests in Laravel

If you create an API on Laravel, you can see an exception with the message “429 Too Many Requests”. It is quite frequent when you send many requests to a server. For example, it can appear when you update the status very frequently. Perhaps, you should think about using sockets, etc in cases like this.

But in this article we will explain how to fix 429 Too Many Requests in Laravel and allow Laravel to accept as many requests as you need.

429 Too Many Requests Exception in Laravel

By default, Laravel has a throttle mechanism for all routes registered for API route middleware. You can perform only 60 requests per minute. If you open an app/Http/Kernel.php file and find a $middlewareGroups variable, you will see throttle:api middleware:

The middleware can accept either limit values ​​or a named rate limiter as parameters. In this case you can see named rate limiter with name api. You can configure it in app/Providers/RouteServiceProvider.php. Just find configureRateLimiting() method and change the limit value for the api limiter:

    protected function configureRateLimiting()
    {
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
        });
    }

Also, you can change code directly in app/Http/Kernel.php. You can delete this middleware or change limits. In the first parameter, set the maximum number of requests per minute to be processed. The second parameter should include the number of minutes you need to wait before completing other requests when the limit of requests from the first parameter is exceeded For example:

'throttle:90:1'

But these changes will be applied to a whole project. In many cases this is not a good idea. Perhaps, you should change the rate limit only for one API route, and leave default values for others. You can do this using the withoutMiddleware() method.

Call withoutMiddleware() when you are registering a needed route. Set “throttle” middleware name as the first parameter. For example:

Route::get('/example', function(){
return response()->json(['success' => true]);
})->withoutMiddleware('throttle:api');

Note that you should use the same middleware name and parameters that were used during its declaration. After this you can redeclare the throttle middleware with parameters that you want.

Route::get('/example', function(){
    return response()->json(['success' => true]);
})
    ->withoutMiddleware('throttle:api')
    ->middleware('throttle:300:1');

If you cannot add this middleware, then the route has no limit for requests.

You can debug rate limiting using curl or another client. Just look at the headers X-RateLimit-Limit, X-RateLimit-Remaining: For example, the request with the throttle enabled:

curl -I http://localhost:8080/api/example

Here the number of total available requests is 60, and you can use almost 58 during the current minute. Here is an example without the middleware. As you can see, there is no rate limiting headers:

Wrapping Up

In this article, we have explained how to disable rate limiting in Laravel for one specific route or the whole project. However, if you are getting issues with a high number of requests to one route, consider using other technologies, for example sockets. It can reduce server load and make clients get information about changes faster. You can read how to create REST API in more detail in this article.

Leave a Comment