Implement security measures in your Manifest backend.

Rate-limiting can protect your backend from brute-force attacks by blocking requests after reaching a limit.

You can implement one or several throttler definitions to limit API calls in the manifest.yml file. The following example allow no more than 2 calls per second, and 50 calls per minute:

name: my app

settings:
  rateLimits:
    - { name: 'short', limit: 2, ttl: 1000 } # 2 requests per second
    - { name: 'medium', limit: 50, ttl: 60000 } # 50 requests per minute.