An API that works for ten users is easy. An API that works for ten thousand concurrent users without falling over requires deliberate architecture. Here's how we build Laravel APIs that scale.
Route Organisation and Versioning
Version your API from day one. Prefix routes with /api/v1/ and group related endpoints logically. When breaking changes become necessary (and they will), you can introduce /api/v2/ without disrupting existing clients.
Use Laravel's route groups to apply middleware efficiently. Authentication, rate limiting, and response formatting should be applied at the group level, not individual routes.
Eloquent Performance Patterns
The N+1 query problem is the most common performance killer in Laravel APIs. Use eager loading (with()) to fetch related models in a single query instead of looping through relationships.
Use select() to fetch only the columns you need. Returning entire models with twenty columns when the client needs three wastes memory and bandwidth. For list endpoints, always paginate. Never return unbounded result sets.
Query scopes keep your code clean and reusable. Create scopes for common filters like active(), recent(), or byRegion() rather than repeating where clauses throughout your codebase.
API Resource Transformations
Laravel's API Resources provide a clean separation between your database structure and your API response format. This decoupling is critical - it means you can modify your database schema without breaking client integrations.
Create specific resources for different contexts. A UserListResource returning id, name, and avatar is different from a UserDetailResource returning full profile information. This reduces payload sizes and keeps responses focused.
Authentication and Rate Limiting
Use Laravel Sanctum for token-based API authentication. It's lightweight, secure, and built specifically for API use cases. For rate limiting, define granular limits based on endpoint sensitivity - authentication endpoints get stricter limits than read-only data endpoints.
Caching Strategies
Cache aggressively at multiple levels. Use Laravel's cache facade for expensive database queries, HTTP cache headers for client-side caching, and Redis for session and queue data.
Implement cache invalidation thoughtfully. Time-based expiry works for most read-heavy endpoints. For data that changes frequently, use event-driven cache invalidation - when a model updates, clear its associated cache keys.
Queue Everything That Can Wait
If an API request triggers work that the client doesn't need to wait for - sending emails, generating reports, processing images - push it to a queue. Laravel's queue system with Redis is reliable and straightforward to implement.
This single pattern can cut API response times by 50% or more for endpoints that trigger side effects.
Error Handling
Return consistent error responses with meaningful HTTP status codes. Create a base exception handler that formats all errors uniformly. Include error codes that clients can programmatically handle, and human-readable messages for debugging.
The Principle
Every decision should optimise for two things: response time for the client, and maintainability for the developer who inherits your code. When these two goals conflict, document your trade-offs clearly.