Rate Limiting for the Win!

So how do we prevent these issues? The first step is to implement rate-limiting on your APIs. Rate limiting can be implemented in many ways: by IP address, by user agent (browser), or even based on a combination of factors such as IP and User Agent. It also depends on what kind of data you are trying to protect. For example, if you are protecting sensitive information like social security numbers or credit card numbers, then implementing IP-based rate limiting may not be enough because attackers can use proxies to bypass this protection mechanism
https://t.co/TOGBQeI2tZ