What is CodeIgniter 4 API rate limiting?

Answer

CI4 does not include built-in rate limiting like Laravel, but it can be implemented via a Filter. Using CI4's Cache service: in the filter's before() method, track request counts per IP: $key = "rate_limit_" . $this->request->getIPAddress(); $count = cache($key); if ($count === null) { cache()->save($key, 1, 60); } elseif ($count >= 60) { return Services::response()->setStatusCode(429)->setJSON(["error" => "Too Many Requests"]); } else { cache()->save($key, $count + 1, 60); }. For per-user rate limiting, use the user ID as the cache key. Using Redis: leverage Redis INCR and EXPIRE for atomic operations. Register the filter as a route filter for API routes. Third-party packages like cirlabs/ci4-throttle provide ready-made rate limiting with configurable limits per route. For production APIs, also consider implementing rate limiting at the infrastructure level (Nginx, API gateway) for better performance.