Description Introduced in Symfony 5.2. See documentation1 Syntax # config/packages/rate_limiter.yaml framework: rate_limiter: anonymous_api: strategy: fixed_window limit: 60 interval: '60 minutes' // src/Controller/ApiController.php namespace App\Controller; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException; use Symfony\Component\RateLimiter\Limiter; class ApiController extends AbstractController { // the variable name must be: "rate limiter name" + "limiter" suffix public function index(Limiter $anonymousApiLimiter) { // create a limiter based on the client's IP address // (you can also use a username/email, an API key, etc.) $limiter = $anonymousApiLimiter->create($request->getClientIp()); // try to consume a resource; if it's accepted, serve the request // otherwise, return a 429 (Too Many Requests) error if (false === $limiter->consume()->isAccepted()) { throw new TooManyRequestsHttpException(); } // ... } // ... } Used by Login Throttling Footnotes Footnotes https://github.com/symfony/symfony-docs/blob/5.x/rate_limiter.rst ↩