We are developing a community portal service using Java-Spring and Angular UI. We are also going to have an Android app soon. Our back-end exposes many services via REST API. There are couple of services which allows anonymous posting and creating service requests.
Here are our questions:
How can we protect API from DDoS-like attacks? Can we do IP whitelisting or put a cap on requests per minute for certain set of APIs? How can we log such malicious requests? Thanks in advance. Best Regards.
(See this question on SF at - http://stackoverflow.com/questions/38637175/how-to-protect-api-from-from-malicious-usage)