Hello everyone, I'm @xiaoqiangapi, the Chinese teacher who gives APIs a "check-up". In an earlier article, my SQL injection, XSS and prompt hijacking attempts against the API were all blocked. Let's take a different approach today: **not attacking, but testing "resilience"**. Would the API crash if a sudden wave of requests came in, or if someone typed several thousand characters? I'm curious about it. The tools are still the same old two: Postman and Windows' built-in curl. An honest test by a non-security expert, now under way.

Test (7): High-Frequency Requests (Rate Limiting)

**Test purpose**: To see whether the API triggers "rate limiting" and returns error code 429 when requests are sent frantically.

[Screenshot: multiple consecutive API requests sent, server responds normally, no 429 status code returned]

**Conclusion**: I didn't detect 429 (Too Many Requests). The frequency of normal developer usage doesn't trigger rate limiting at all. Cloudflare will automatically block malicious traffic, but not restrict normal users.…
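The Test (7) check, scripted as an added example that is not part of the original article: it sends a short burst of requests and records the status codes, the position of the first 429 and its `Retry-After` value. It runs against a constructed local stub rather than the API tested above; `StubAPI`, `LIMIT` and the `Retry-After` value of 30 are assumptions made for the demonstration.

```python
import threading
import urllib.error
import urllib.request
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer

LIMIT = 5  # constructed limit for the local stub: requests allowed before 429

class StubAPI(BaseHTTPRequestHandler):
    """Local stand-in for a rate-limited API (constructed, not the tested service)."""
    seen = 0
    def do_GET(self):
        StubAPI.seen += 1
        limited = StubAPI.seen > LIMIT
        self.send_response(429 if limited else 200)
        if limited:
            self.send_header("Retry-After", "30")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the console quiet
        pass

def burst(url, count):
    """Send `count` back-to-back GETs; return [(status, retry_after), ...]."""
    results = []
    for _ in range(count):
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                results.append((resp.status, resp.headers.get("Retry-After")))
        except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
            results.append((err.code, err.headers.get("Retry-After")))
    return results

def summarize(results):
    """Tally status codes and report where rate limiting first kicked in."""
    first = next((i for i, (s, _) in enumerate(results, 1) if s == 429), None)
    return {"statuses": dict(Counter(s for s, _ in results)),
            "first_429_at": first,
            "retry_after": results[first - 1][1] if first else None}

def demo(count=8):
    """Run the burst against the local stub on an ephemeral loopback port."""
    StubAPI.seen = 0
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return summarize(burst(f"http://127.0.0.1:{server.server_port}/", count))
    finally:
        server.shutdown()
```

A result with `first_429_at` set to `None` corresponds to the outcome reported in the conclusion above: every request in the burst was answered normally.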