How do you verify if a request is from a genuine user or from a malicious user?
Consider clientA which wants to verify payments and serverB which verifies payments.
ClientA sends around a million requests to serverB’s API in 1 day.
However, only 1% of the requests from clientA succeed and give a 200 response. The rest…