Introduction to API4:2019 Lack of Resources and Rate Limiting
Lack of Resources and Rate Limiting, listed as API4:2019 in the OWASP API Security Top 10, refers to the absence of restrictions on how often and how intensively clients can interact with an API. Without such limits, attackers can abuse endpoints by launching brute-force attacks, consuming excessive server resources (CPU, memory, storage, bandwidth), or flooding the system with large numbers of requests, potentially leading to denial of service. APIs that enforce neither rate limits nor usage quotas are especially exposed. To mitigate this risk, APIs should implement rate limiting, throttling, and resource quotas (for example, caps on request body size and on the number of records a single call may return) to protect against abuse and ensure fair usage.
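The following is an added example, not code from OWASP or from the page above, showing one way to apply the two controls the paragraph names: a per-client token-bucket rate limiter and simple resource quotas (maximum request body size and maximum page size). The limits, the `client_id` key, the `FakeClock` helper and the `handle_request` status codes are assumptions chosen for illustration; a real deployment would key the bucket on an authenticated identity or API key and store bucket state in shared storage such as Redis rather than a process-local dictionary.

```python
import time
from dataclasses import dataclass


# Resource quotas (assumed values for this example).
MAX_BODY_BYTES = 64 * 1024   # reject bodies larger than 64 KiB with 413
MAX_PAGE_SIZE = 100          # reject page_size outside 1..100 with 400


@dataclass
class TokenBucket:
    """State for one client: tokens available and when we last refilled."""
    capacity: float
    refill_per_sec: float
    tokens: float
    last: float


class RateLimiter:
    """Per-client token bucket: each request costs tokens, tokens refill over time.

    A burst of up to `capacity` requests is allowed, after which the client is
    limited to `refill_per_sec` requests per second. `clock` is injectable so
    the behaviour can be tested deterministically.
    """

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = float(capacity)
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.buckets = {}  # client_id -> TokenBucket (process-local; assumption)

    def allow(self, client_id: str, cost: float = 1.0) -> bool:
        now = self.clock()
        bucket = self.buckets.get(client_id)
        if bucket is None:
            # New clients start with a full bucket.
            bucket = TokenBucket(self.capacity, self.refill_per_sec, self.capacity, now)
            self.buckets[client_id] = bucket
        # Refill proportionally to elapsed time, never above capacity.
        elapsed = max(0.0, now - bucket.last)
        bucket.tokens = min(bucket.capacity, bucket.tokens + elapsed * bucket.refill_per_sec)
        bucket.last = now
        if bucket.tokens >= cost:
            bucket.tokens -= cost
            return True
        return False


class FakeClock:
    """Deterministic clock for tests and demos (hypothetical helper)."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def handle_request(limiter: RateLimiter, client_id: str, body_len: int, page_size: int) -> int:
    """Return an HTTP status code after applying rate limit and resource quotas.

    The rate limit is checked first so that oversized or malformed requests
    still consume the client's quota instead of being free to retry.
    """
    if not limiter.allow(client_id):
        return 429  # Too Many Requests
    if body_len > MAX_BODY_BYTES:
        return 413  # Payload Too Large
    if page_size < 1 or page_size > MAX_PAGE_SIZE:
        return 400  # Bad Request: page size outside the allowed range
    return 200


if __name__ == "__main__":
    clock = FakeClock()
    limiter = RateLimiter(capacity=5, refill_per_sec=1.0, clock=clock)
    # Constructed sample traffic: 7 requests from one client in the same instant.
    for i in range(7):
        status = handle_request(limiter, "client-a", body_len=512, page_size=20)
        print(f"request {i + 1}: {status}")
    clock.advance(2.0)
    print("after 2s:", handle_request(limiter, "client-a", body_len=512, page_size=20))
    print("oversized body:", handle_request(limiter, "client-b", body_len=1_000_000, page_size=20))
    print("page too large:", handle_request(limiter, "client-c", body_len=10, page_size=5000))
```

Running the demo shows the first five requests from `client-a` succeeding, the sixth and seventh returning 429, and a single request succeeding again after two seconds of refill; `client-b` and `client-c` are limited independently and are rejected by the quota checks with 413 and 400 respectively.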
OWASP API04:2019 Lack of Resources & Rate Limiting