Rate Limiting and Abuse

API abuse is using an API far more or differently than intended.

Even without breaking in, attackers can scrape data, guess passwords, or overload a service simply by sending many requests.

Rate limiting caps how many requests a client may make in a time window.

For example, 100 requests per minute. Beyond that, the API rejects or delays further calls.