5.2 — Add API rate limiting

## Description

Implement ASP.NET Core rate limiting on API endpoints to protect against abuse and ensure fair resource usage. Different limits for different endpoint types (AI endpoints more restrictive).

## Dependencies

- Depends on #43 (JWT Bearer auth)

## Acceptance Criteria

- [ ] Rate limiting middleware added to API
- [ ] Policies configured:
  - AI endpoints: 10 requests/minute per user
  - General endpoints: 100 requests/minute per user
  - Sync endpoints: 5 requests/minute per user
- [ ] Returns 429 Too Many Requests with Retry-After header
- [ ] Limits enforced per authenticated user (not IP)
- [ ] Tested: rate limiting triggers correctly
- [ ] Dashboards updated to show rate limit hits

## Technical Notes

- Use ASP.NET Core's built-in `AddRateLimiter` middleware
- Policy types: FixedWindowLimiter, SlidingWindowLimiter, TokenBucketLimiter
- Apply via `[RequireRateLimitPolicy]` attribute on endpoints
- Different quotas for different endpoint types (AI is expensive)

---
Phase: 5 | Size: S | Owner: Zoe (Lead)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.2 — Add API rate limiting #61

Description

Dependencies

Acceptance Criteria

Technical Notes

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

5.2 — Add API rate limiting #61

Description

Description

Dependencies

Acceptance Criteria

Technical Notes

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions