Building Secure APIs

Security is crucial when building APIs.

Rate Limiting

RateLimiter::for('api', function (Request $request) {
    return Limit::perMinute(60)
        ->by($request->user()?->id ?: $request->ip());
});

Form Request Validation

class StorePostRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'title' => ['required', 'string', 'max:255'],
            'content' => ['required', 'string'],
        ];
    }
}

JSON Responses

{
    "data": {
        "id": 1,
        "title": "My Post",
        "status": "published"
    },
    "meta": {
        "version": "v1"
    }
}