Rate Limiting Basics (Protect Your PHP API)
Stop brute-force attacks and abuse by limiting requests per IP or per user.
Rate limiting means: "a client can only hit this endpoint X times per minute." It is not a substitute for strong passwords or MFA, but it turns an unlimited brute-force attempt into a slow one and caps abuse of expensive endpoints.

Good for:

- login endpoint
- password reset
- public APIs

## Simple approach (concept)

Store counters in:

- Redis (best)
- database table (ok for small)
- filesystem (not great for scale)

Whatever the store, the increment must be atomic (a single `UPDATE ... SET count = count + 1` or a Redis `INCR`), not a read in PHP followed by a write: two concurrent requests that both read 9 and both write back 10 have just slipped past the limit together.

## Minimal DB-based design

Table:

```sql
CREATE TABLE rate_limits (
  id INT AUTO_INCREMENT PRIMARY KEY,
  key_name VARCHAR(200) NOT NULL,
  count INT NOT NULL,
  window_start DATETIME NOT NULL
);
```

Key idea:

- key_name can be IP + endpoint (use `REMOTE_ADDR`; trust `X-Forwarded-For` only when a proxy you control sets it, because otherwise the client can forge it and pick its own bucket)
- reset count after window expires
- every request looks the row up by key, so add a unique index on (key_name, window_start); without it the table scan gets slower as the table grows, and the unique constraint is what stops two "first requests" from creating two rows

Caveats: keying on IP alone throttles everyone behind the same NAT or corporate proxy, so for login also key on the target account; and a fixed window lets a client spend its whole quota at the end of one minute and again at the start of the next, which is acceptable for a first cut but a sliding window closes that gap.

## Why Redis is better

It is fast, designed for counters (`INCR` plus `EXPIRE` gives you an atomic counter that deletes itself when the window ends), and it keeps a write-per-request out of your main database. The concept remains the same.

> Next: Logging and structured logs for debugging production issues.
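The DB-based design above, worked through as an added example (this is not the page's own code). It keeps the page's `rate_limits` table but uses one row per key per window plus a UNIQUE index, and lets the database do the increment atomically; the class name `DbRateLimiter`, the helper `clientKey`, the IPs and the timestamps are assumptions made for the demo. It runs stand-alone against an in-memory SQLite database through PDO; for production, swap the DSN for your MySQL/MariaDB connection.

```php
<?php
declare(strict_types=1);

// Added example, not the page's own code: a fixed-window rate limiter on top of the
// rate_limits table from the text. One row per (key, window); the UNIQUE index plus
// an atomic UPDATE make it safe under concurrent requests. In-memory SQLite is used
// so the file runs on its own; the SQL is plain enough for MySQL/MariaDB as well.

final class DbRateLimiter
{
    public function __construct(
        private PDO $db,
        private int $limit,          // max requests per window
        private int $windowSeconds,  // window length, e.g. 60
    ) {}

    /** Returns true if the request may proceed, false if the client is over the limit. */
    public function allow(string $key, ?int $now = null): bool
    {
        $now ??= time();
        // Fixed window: every request in the same bucket shares one row.
        $window = gmdate('Y-m-d H:i:s', $now - ($now % $this->windowSeconds));

        // 1. Increment only while under the limit. The database does the read-modify-write
        //    atomically, so two requests cannot both see count = 4 and both pass.
        $upd = $this->db->prepare(
            'UPDATE rate_limits SET count = count + 1
              WHERE key_name = :k AND window_start = :w AND count < :lim'
        );
        $upd->execute([':k' => $key, ':w' => $window, ':lim' => $this->limit]);
        if ($upd->rowCount() === 1) {
            return true;
        }

        // 2. Nothing updated: either the row exists and is full (deny), or this is the
        //    first hit in this window.
        $sel = $this->db->prepare(
            'SELECT 1 FROM rate_limits WHERE key_name = :k AND window_start = :w'
        );
        $sel->execute([':k' => $key, ':w' => $window]);
        if ($sel->fetchColumn() !== false) {
            return false;
        }

        // 3. First hit: create the row. If two first hits race, the UNIQUE index makes the
        //    loser's INSERT fail (SQLSTATE 23000); the loser then retries the increment.
        try {
            $ins = $this->db->prepare(
                'INSERT INTO rate_limits (key_name, count, window_start) VALUES (:k, 1, :w)'
            );
            $ins->execute([':k' => $key, ':w' => $window]);
            return true;
        } catch (PDOException $e) {
            if ($e->getCode() !== '23000') {
                throw $e;
            }
            $upd->execute([':k' => $key, ':w' => $window, ':lim' => $this->limit]);
            return $upd->rowCount() === 1;
        }
    }

    /** Housekeeping: delete rows from windows that can no longer be hit. Run it from cron. */
    public function purge(?int $now = null): int
    {
        $now ??= time();
        $cutoff = gmdate('Y-m-d H:i:s', $now - 2 * $this->windowSeconds);
        $del = $this->db->prepare('DELETE FROM rate_limits WHERE window_start < :c');
        $del->execute([':c' => $cutoff]);
        return $del->rowCount();
    }
}

/** Key = endpoint + client IP. Pass REMOTE_ADDR; only use X-Forwarded-For if a proxy you control sets it. */
function clientKey(string $endpoint, string $remoteAddr): string
{
    return $endpoint . '|' . $remoteAddr;
}

// --- stand-alone demo with constructed requests ---------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // INSERT failures must throw
$db->exec('CREATE TABLE rate_limits (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    key_name VARCHAR(200) NOT NULL,
    count INT NOT NULL,
    window_start DATETIME NOT NULL,
    UNIQUE (key_name, window_start)
)');

$limiter = new DbRateLimiter($db, limit: 5, windowSeconds: 60);
$t0 = 1_700_000_000; // constructed "now"; a real handler passes nothing and gets time()

$results = [];
for ($i = 0; $i < 7; $i++) { // seven login attempts from one (constructed) IP inside one window
    $results[] = $limiter->allow(clientKey('POST /login', '203.0.113.10'), $t0 + $i);
}
echo implode(' ', array_map(fn (bool $ok) => $ok ? 'allow' : 'DENY', $results)), PHP_EOL;

var_dump($limiter->allow(clientKey('POST /login', '203.0.113.11'), $t0));      // a different IP
var_dump($limiter->allow(clientKey('POST /login', '203.0.113.10'), $t0 + 60)); // next window
```

Run it with `php ratelimit.php`: the loop should print five `allow` followed by two `DENY`, the other IP is allowed, and the original IP is allowed again once the clock moves into the next 60-second bucket. In a request handler, call `allow()` before doing any work on the endpoint and answer with HTTP 429 when it returns false; the `count < :lim` predicate in the UPDATE is the whole trick, since it lets the database both increment and enforce the limit in one statement.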