Use when requests involve brute-force protection, API abuse, signup or login throttling, scraping defenses, quota strategy, or reducing automated misuse without breaking legitimate traffic. Design rate limiting and abuse prevention controls for authentication and API surfaces: identity- and IP-based limits, quotas, lockouts, progressive friction, bot resistance, and observability.
