Unrestricted Resource Consumption occurs when an API allows clients to consume excessive server resources without proper limits, leading to degraded performance or denial of service. Attackers can exploit this by sending large payloads, making too many requests, or requesting resource-heavy operations repeatedly. Without controls like rate limiting, payload size restrictions, or execution timeouts, APIs become vulnerable to abuse. This issue affects availability and scalability. To prevent it, implement safeguards such as throttling, quotas, pagination, and resource usage monitoring. Always validate input sizes and apply strict limits to protect backend systems from being overwhelmed by malicious or unintentional overuse.
