12Ara
How do you verify if a request is from a genuine user or from a malicious user?
Consider clientA which wants to verify payments and serverB which verifies payments.
ClientA sends around a million requests to serverB's API in 1 day.
However, only 1% of the requests from clientA succeed and give a 200 response. The rest end up with a 400 response.
I looked at the API documentation and the way requests are generated is correct.
But I am still undecided. How can I prove solidly that the request is malicious in this case?