The API has no rate limiting on any endpoints, making it vulnerable to abuse and DoS attacks. A single client can overwhelm the server with requests, exhaust database connections, and degrade service for all users. This security vulnerability could lead to service outages and unfair resource consumption.
Integrate @nestjs/throttler with different limits for different endpoint types. Set general endpoints to 100 requests/minute and resource-intensive operations like sync to 10 requests/minute. Return proper 429 status codes with Retry-After headers. Implement IP-based and API key-based rate limiting with a shared storage backend for distributed deployments.
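As an added example (not code from this issue, the project, or @nestjs/throttler itself), the following self-contained TypeScript limiter shows the policy the proposal describes: a 100/min budget for general endpoints, a 10/min budget for sync, tracking by API key when an `x-api-key` header is present and by client IP otherwise, and a 429 response carrying `Retry-After` once a budget is exhausted. The `/sync` route prefix, the header name, and the `CounterStore` interface are assumptions; in the real integration `ThrottlerModule` and `ThrottlerGuard` take this role, and the store interface marks where a shared backend plugs in so that every instance of a distributed deployment counts against the same budget.

```typescript
// Added example, not the project's code: a fixed-window rate limiter that
// enforces the per-endpoint-class limits proposed in the issue, keyed by API
// key when present and by client IP otherwise, and answers with 429 plus a
// Retry-After header once a limit is exceeded. The in-memory store stands in
// for the shared backend a distributed deployment would use.

interface Policy { limit: number; windowMs: number }

// The two limits from the proposal: general 100/min, resource-intensive (sync) 10/min.
const POLICIES: Record<string, Policy> = {
  general: { limit: 100, windowMs: 60000 },
  sync: { limit: 10, windowMs: 60000 },
};

interface WindowState { count: number; resetAt: number }

// Counter storage. A shared (e.g. network-backed) implementation would expose
// the same method so that all instances see one set of counters (assumed interface).
interface CounterStore {
  increment(key: string, windowMs: number, now: number): WindowState;
}

class MemoryStore implements CounterStore {
  private windows = new Map<string, WindowState>();

  increment(key: string, windowMs: number, now: number): WindowState {
    const current = this.windows.get(key);
    if (!current || now >= current.resetAt) {
      // First request in a new window: start counting from 1.
      const fresh: WindowState = { count: 1, resetAt: now + windowMs };
      this.windows.set(key, fresh);
      return fresh;
    }
    current.count += 1;
    return current;
  }
}

// Minimal view of an incoming request (constructed shape, not NestJS's Request).
interface InboundRequest {
  ip: string;
  headers: Record<string, string | undefined>;
  route: string;
}

interface Decision {
  allowed: boolean;
  status: 200 | 429;
  headers: Record<string, string>;
}

// Identity to throttle on: the API key if the client sent one, else the IP.
// The "x-api-key" header name is an assumption.
function trackerFor(req: InboundRequest): string {
  const apiKey = req.headers['x-api-key'];
  return apiKey ? `key:${apiKey}` : `ip:${req.ip}`;
}

// Route classification: anything under /sync (assumed prefix) is resource-intensive.
function policyNameFor(route: string): string {
  return route.startsWith('/sync') ? 'sync' : 'general';
}

class RateLimiter {
  private readonly store: CounterStore;

  constructor(store: CounterStore = new MemoryStore()) {
    this.store = store;
  }

  check(req: InboundRequest, now: number = Date.now()): Decision {
    const name = policyNameFor(req.route);
    const policy = POLICIES[name];
    // Counters are scoped per policy, so a burst on /sync does not consume the general budget.
    const window = this.store.increment(`${name}:${trackerFor(req)}`, policy.windowMs, now);
    const headers: Record<string, string> = {
      'X-RateLimit-Limit': String(policy.limit),
      'X-RateLimit-Remaining': String(Math.max(0, policy.limit - window.count)),
      'X-RateLimit-Reset': String(Math.ceil(window.resetAt / 1000)),
    };
    if (window.count > policy.limit) {
      // Retry-After is expressed in whole seconds until the window rolls over.
      headers['Retry-After'] = String(Math.ceil((window.resetAt - now) / 1000));
      return { allowed: false, status: 429, headers };
    }
    return { allowed: true, status: 200, headers };
  }
}
```

Two points to keep in mind when wiring this into the real guard: IP-keyed limits lump every client behind one NAT or proxy together, and they are only as trustworthy as the forwarded-address header, so derive the IP from a proxy you control; and the in-memory store above gives each server instance its own budget, which is exactly why the proposal calls for a shared backend once there is more than one instance.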