From 6b54405003df8984182b3b2b08295ae127d52b74 Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Fri, 22 Nov 2024 13:53:41 -0500
Subject: [PATCH 1/8] add default / fallback rate limit

---
 packages/backend/src/server/api/ApiCallService.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts
index 016db6ac19..6f51825494 100644
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@@ -311,7 +311,15 @@ export class ApiCallService implements OnApplicationShutdown {
 			throw new ApiError(accessDenied);
 		}
 
-		if (ep.meta.limit) {
+		// For endpoints without a limit, the default is 10 calls per second
+		const endpointLimit: IEndpointMeta['limit'] = ep.meta.limit ?? {
+			duration: 1000,
+			max: 10,
+		};
+
+		// We don't need this check, but removing it would cause a big merge conflict.
+		// eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+		if (endpointLimit) {
 			// koa will automatically load the `X-Forwarded-For` header if `proxy: true` is configured in the app.
 			let limitActor: string;
 			if (user) {
@@ -320,7 +328,7 @@ export class ApiCallService implements OnApplicationShutdown {
 				limitActor = getIpHash(request.ip);
 			}
 
-			const limit = Object.assign({}, ep.meta.limit);
+			const limit = Object.assign({}, endpointLimit);
 
 			if (limit.key == null) {
 				(limit as any).key = ep.name;
-- 
GitLab


From e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Fri, 22 Nov 2024 13:43:06 -0500
Subject: [PATCH 2/8] add rate limits to all public endpoints

---
 .../src/server/api/endpoints/announcements.ts |    6 +
 .../api/endpoints/announcements/show.ts       |    6 +
 .../server/api/endpoints/antennas/create.ts   |    6 +
 .../server/api/endpoints/antennas/delete.ts   |    6 +
 .../src/server/api/endpoints/antennas/list.ts |    6 +
 .../server/api/endpoints/antennas/notes.ts    |    6 +
 .../src/server/api/endpoints/antennas/show.ts |    6 +
 .../server/api/endpoints/antennas/update.ts   |    6 +
 .../src/server/api/endpoints/app/create.ts    |    6 +
 .../src/server/api/endpoints/app/show.ts      |    6 +
 .../src/server/api/endpoints/auth/accept.ts   |    6 +
 .../api/endpoints/auth/session/generate.ts    |    6 +
 .../server/api/endpoints/auth/session/show.ts |    6 +
 .../api/endpoints/auth/session/userkey.ts     |    6 +
 .../src/server/api/endpoints/blocking/list.ts |    6 +
 .../api/endpoints/bubble-game/ranking.ts      |    6 +
 .../server/api/endpoints/channels/favorite.ts |    6 +
 .../server/api/endpoints/channels/featured.ts |    6 +
 .../server/api/endpoints/channels/follow.ts   |    6 +
 .../server/api/endpoints/channels/followed.ts |    6 +
 .../api/endpoints/channels/my-favorites.ts    |    6 +
 .../server/api/endpoints/channels/owned.ts    |    6 +
 .../server/api/endpoints/channels/search.ts   |    6 +
 .../src/server/api/endpoints/channels/show.ts |    6 +
 .../server/api/endpoints/channels/timeline.ts |    6 +
 .../api/endpoints/channels/unfavorite.ts      |    6 +
 .../server/api/endpoints/channels/unfollow.ts |    6 +
 .../server/api/endpoints/channels/update.ts   |    6 +
 .../api/endpoints/charts/active-users.ts      |    6 +
 .../server/api/endpoints/charts/ap-request.ts |    6 +
 .../src/server/api/endpoints/charts/drive.ts  |    6 +
 .../server/api/endpoints/charts/federation.ts |    6 +
 .../server/api/endpoints/charts/instance.ts   |    6 +
 .../src/server/api/endpoints/charts/notes.ts  |    6 +
 .../server/api/endpoints/charts/user/drive.ts |    6 +
 .../api/endpoints/charts/user/following.ts    |    6 +
 .../server/api/endpoints/charts/user/notes.ts |    6 +
 .../server/api/endpoints/charts/user/pv.ts    |    6 +
 .../api/endpoints/charts/user/reactions.ts    |    6 +
 .../src/server/api/endpoints/charts/users.ts  |    6 +
 .../server/api/endpoints/clips/add-note.ts    |    3 +-
 .../src/server/api/endpoints/clips/create.ts  |    6 +
 .../src/server/api/endpoints/clips/delete.ts  |    6 +
 .../server/api/endpoints/clips/favorite.ts    |    6 +
 .../src/server/api/endpoints/clips/list.ts    |    6 +
 .../api/endpoints/clips/my-favorites.ts       |    6 +
 .../src/server/api/endpoints/clips/notes.ts   |    6 +
 .../server/api/endpoints/clips/remove-note.ts |    6 +
 .../src/server/api/endpoints/clips/show.ts    |    6 +
 .../server/api/endpoints/clips/unfavorite.ts  |    6 +
 .../src/server/api/endpoints/clips/update.ts  |    6 +
 .../backend/src/server/api/endpoints/drive.ts |    6 +
 .../src/server/api/endpoints/drive/files.ts   |    6 +
 .../endpoints/drive/files/attached-notes.ts   |    6 +
 .../endpoints/drive/files/check-existence.ts  |    6 +
 .../api/endpoints/drive/files/delete.ts       |    7 +
 .../api/endpoints/drive/files/find-by-hash.ts |    6 +
 .../server/api/endpoints/drive/files/find.ts  |    6 +
 .../server/api/endpoints/drive/files/show.ts  |    6 +
 .../api/endpoints/drive/files/update.ts       |    7 +
 .../src/server/api/endpoints/drive/folders.ts |    6 +
 .../api/endpoints/drive/folders/delete.ts     |    7 +
 .../api/endpoints/drive/folders/find.ts       |    6 +
 .../api/endpoints/drive/folders/show.ts       |    6 +
 .../api/endpoints/drive/folders/update.ts     |    7 +
 .../src/server/api/endpoints/drive/stream.ts  |    6 +
 .../api/endpoints/email-address/available.ts  |    6 +
 .../backend/src/server/api/endpoints/emoji.ts |    6 +
 .../src/server/api/endpoints/emojis.ts        |    6 +
 .../src/server/api/endpoints/endpoint.ts      |    6 +
 .../src/server/api/endpoints/endpoints.ts     |    6 +
 .../api/endpoints/federation/followers.ts     |    6 +
 .../api/endpoints/federation/following.ts     |    6 +
 .../api/endpoints/federation/instances.ts     |    6 +
 .../api/endpoints/federation/show-instance.ts |    6 +
 .../server/api/endpoints/federation/stats.ts  |    6 +
 .../federation/update-remote-user.ts          |    6 +
 .../server/api/endpoints/federation/users.ts  |    6 +
 .../src/server/api/endpoints/fetch-rss.ts     |    6 +
 .../src/server/api/endpoints/flash/delete.ts  |    6 +
 .../server/api/endpoints/flash/featured.ts    |    6 +
 .../src/server/api/endpoints/flash/like.ts    |    6 +
 .../server/api/endpoints/flash/my-likes.ts    |    6 +
 .../src/server/api/endpoints/flash/my.ts      |    6 +
 .../src/server/api/endpoints/flash/show.ts    |    6 +
 .../src/server/api/endpoints/flash/unlike.ts  |    6 +
 .../endpoints/following/requests/accept.ts    |    6 +
 .../endpoints/following/requests/cancel.ts    |    6 +
 .../api/endpoints/following/requests/list.ts  |    6 +
 .../endpoints/following/requests/reject.ts    |    6 +
 .../api/endpoints/following/requests/sent.ts  |    6 +
 .../server/api/endpoints/gallery/featured.ts  |    6 +
 .../server/api/endpoints/gallery/popular.ts   |    6 +
 .../src/server/api/endpoints/gallery/posts.ts |    6 +
 .../api/endpoints/gallery/posts/delete.ts     |    6 +
 .../api/endpoints/gallery/posts/like.ts       |    6 +
 .../api/endpoints/gallery/posts/show.ts       |    6 +
 .../api/endpoints/gallery/posts/unlike.ts     |    6 +
 .../api/endpoints/get-avatar-decorations.ts   |    6 +
 .../api/endpoints/get-online-users-count.ts   |    6 +
 .../src/server/api/endpoints/hashtags/list.ts |    6 +
 .../server/api/endpoints/hashtags/search.ts   |    6 +
 .../src/server/api/endpoints/hashtags/show.ts |    6 +
 .../server/api/endpoints/hashtags/trend.ts    |    6 +
 .../server/api/endpoints/hashtags/users.ts    |    6 +
 .../backend/src/server/api/endpoints/i.ts     |    6 +
 .../src/server/api/endpoints/i/2fa/done.ts    |    7 +
 .../api/endpoints/i/2fa/password-less.ts      |    7 +
 .../server/api/endpoints/i/2fa/update-key.ts  |    7 +
 .../src/server/api/endpoints/i/apps.ts        |    6 +
 .../server/api/endpoints/i/authorized-apps.ts |    6 +
 .../api/endpoints/i/claim-achievement.ts      |    6 +
 .../src/server/api/endpoints/i/favorites.ts   |    6 +
 .../server/api/endpoints/i/gallery/likes.ts   |    6 +
 .../server/api/endpoints/i/gallery/posts.ts   |    6 +
 .../src/server/api/endpoints/i/page-likes.ts  |    6 +
 .../src/server/api/endpoints/i/pages.ts       |    6 +
 .../backend/src/server/api/endpoints/i/pin.ts |    6 +
 .../api/endpoints/i/read-all-unread-notes.ts  |    6 +
 .../api/endpoints/i/read-announcement.ts      |    6 +
 .../api/endpoints/i/registry/get-all.ts       |    6 +
 .../api/endpoints/i/registry/get-detail.ts    |    6 +
 .../api/endpoints/i/registry/get-unsecure.ts  |    6 +
 .../server/api/endpoints/i/registry/get.ts    |    8 +-
 .../endpoints/i/registry/keys-with-type.ts    |    6 +
 .../server/api/endpoints/i/registry/keys.ts   |    6 +
 .../server/api/endpoints/i/registry/remove.ts |    6 +
 .../i/registry/scopes-with-domain.ts          |    8 +-
 .../server/api/endpoints/i/registry/set.ts    |    6 +
 .../server/api/endpoints/i/revoke-token.ts    |    6 +
 .../server/api/endpoints/i/signin-history.ts  |    6 +
 .../src/server/api/endpoints/i/unpin.ts       |    6 +
 .../server/api/endpoints/i/webhooks/create.ts |    6 +
 .../server/api/endpoints/i/webhooks/delete.ts |    6 +
 .../server/api/endpoints/i/webhooks/list.ts   |    6 +
 .../server/api/endpoints/i/webhooks/show.ts   |    6 +
 .../server/api/endpoints/i/webhooks/update.ts |    5 +
 .../src/server/api/endpoints/invite/create.ts |    6 +
 .../src/server/api/endpoints/invite/delete.ts |    6 +
 .../src/server/api/endpoints/invite/limit.ts  |    6 +
 .../src/server/api/endpoints/invite/list.ts   |    6 +
 .../backend/src/server/api/endpoints/meta.ts  |    6 +
 .../server/api/endpoints/miauth/gen-token.ts  |    6 +
 .../src/server/api/endpoints/mute/delete.ts   |    7 +
 .../src/server/api/endpoints/mute/list.ts     |    6 +
 .../src/server/api/endpoints/my/apps.ts       |    6 +
 .../backend/src/server/api/endpoints/notes.ts |    8 +
 .../api/endpoints/notes/bubble-timeline.ts    |    6 +
 .../server/api/endpoints/notes/children.ts    |    6 +
 .../src/server/api/endpoints/notes/clips.ts   |    6 +
 .../api/endpoints/notes/conversation.ts       |    6 +
 .../api/endpoints/notes/favorites/delete.ts   |    7 +
 .../server/api/endpoints/notes/featured.ts    |    6 +
 .../server/api/endpoints/notes/following.ts   |    6 +
 .../api/endpoints/notes/global-timeline.ts    |    8 +-
 .../api/endpoints/notes/hybrid-timeline.ts    |    6 +
 .../src/server/api/endpoints/notes/like.ts    |    6 +
 .../api/endpoints/notes/local-timeline.ts     |    6 +
 .../server/api/endpoints/notes/mentions.ts    |    6 +
 .../endpoints/notes/polls/recommendation.ts   |    6 +
 .../api/endpoints/notes/polls/refresh.ts      |    6 +
 .../server/api/endpoints/notes/polls/vote.ts  |    6 +
 .../server/api/endpoints/notes/reactions.ts   |    6 +
 .../api/endpoints/notes/reactions/create.ts   |    6 +
 .../src/server/api/endpoints/notes/renotes.ts |    9 +-
 .../src/server/api/endpoints/notes/replies.ts |    6 +
 .../api/endpoints/notes/search-by-tag.ts      |    6 +
 .../src/server/api/endpoints/notes/search.ts  |    6 +
 .../src/server/api/endpoints/notes/show.ts    |   10 +-
 .../src/server/api/endpoints/notes/state.ts   |    6 +
 .../endpoints/notes/thread-muting/delete.ts   |    6 +
 .../server/api/endpoints/notes/timeline.ts    |    6 +
 .../server/api/endpoints/notes/translate.ts   |    6 +
 .../api/endpoints/notes/user-list-timeline.ts |    6 +
 .../server/api/endpoints/notes/versions.ts    |   10 +-
 .../api/endpoints/notifications/flush.ts      |    6 +
 .../notifications/mark-all-as-read.ts         |    6 +
 .../src/server/api/endpoints/page-push.ts     |    6 +
 .../src/server/api/endpoints/pages/delete.ts  |    7 +
 .../server/api/endpoints/pages/featured.ts    |    6 +
 .../src/server/api/endpoints/pages/like.ts    |    6 +
 .../src/server/api/endpoints/pages/show.ts    |    6 +
 .../src/server/api/endpoints/pages/unlike.ts  |    6 +
 .../backend/src/server/api/endpoints/ping.ts  |    6 +
 .../src/server/api/endpoints/pinned-users.ts  |    6 +
 .../src/server/api/endpoints/promo/read.ts    |    6 +
 .../api/endpoints/renote-mute/delete.ts       |    6 +
 .../server/api/endpoints/renote-mute/list.ts  |    6 +
 .../src/server/api/endpoints/reset-db.ts      |    6 +
 .../server/api/endpoints/reset-password.ts    |    6 +
 .../src/server/api/endpoints/retention.ts     |    6 +
 .../api/endpoints/reversi/cancel-match.ts     |    6 +
 .../src/server/api/endpoints/reversi/games.ts |    6 +
 .../api/endpoints/reversi/invitations.ts      |    6 +
 .../src/server/api/endpoints/reversi/match.ts |    6 +
 .../server/api/endpoints/reversi/show-game.ts |    6 +
 .../server/api/endpoints/reversi/surrender.ts |    6 +
 .../server/api/endpoints/reversi/verify.ts    |    6 +
 .../src/server/api/endpoints/roles/list.ts    |    6 +
 .../src/server/api/endpoints/roles/notes.ts   |    6 +
 .../src/server/api/endpoints/roles/show.ts    |    6 +
 .../src/server/api/endpoints/roles/users.ts   |    6 +
 .../src/server/api/endpoints/server-info.ts   |    6 +
 .../src/server/api/endpoints/sponsors.ts      |    6 +
 .../backend/src/server/api/endpoints/stats.ts |    6 +
 .../src/server/api/endpoints/sw/register.ts   |    6 +
 .../api/endpoints/sw/show-registration.ts     |    6 +
 .../src/server/api/endpoints/sw/unregister.ts |    6 +
 .../api/endpoints/sw/update-registration.ts   |    6 +
 .../backend/src/server/api/endpoints/test.ts  |    6 +
 .../api/endpoints/username/available.ts       |    6 +
 .../backend/src/server/api/endpoints/users.ts |    6 +
 .../api/endpoints/users/achievements.ts       |    6 +
 .../src/server/api/endpoints/users/clips.ts   |    6 +
 .../api/endpoints/users/featured-notes.ts     |    6 +
 .../src/server/api/endpoints/users/flashs.ts  |    6 +
 .../server/api/endpoints/users/followers.ts   |    6 +
 .../server/api/endpoints/users/following.ts   |    6 +
 .../api/endpoints/users/gallery/posts.ts      |    6 +
 .../users/get-frequently-replied-users.ts     |    6 +
 .../users/lists/create-from-public.ts         |    6 +
 .../api/endpoints/users/lists/create.ts       |    6 +
 .../api/endpoints/users/lists/delete.ts       |    6 +
 .../api/endpoints/users/lists/favorite.ts     |    6 +
 .../endpoints/users/lists/get-memberships.ts  |    6 +
 .../server/api/endpoints/users/lists/list.ts  |    6 +
 .../server/api/endpoints/users/lists/pull.ts  |    6 +
 .../server/api/endpoints/users/lists/push.ts  |    6 +
 .../server/api/endpoints/users/lists/show.ts  |    6 +
 .../api/endpoints/users/lists/unfavorite.ts   |    6 +
 .../users/lists/update-membership.ts          |    6 +
 .../api/endpoints/users/lists/update.ts       |    6 +
 .../src/server/api/endpoints/users/notes.ts   |    6 +
 .../src/server/api/endpoints/users/pages.ts   |    6 +
 .../server/api/endpoints/users/reactions.ts   |    6 +
 .../api/endpoints/users/recommendation.ts     |    6 +
 .../server/api/endpoints/users/relation.ts    |    6 +
 .../api/endpoints/users/report-abuse.ts       |    6 +
 .../users/search-by-username-and-host.ts      |    6 +
 .../src/server/api/endpoints/users/search.ts  |    6 +
 .../src/server/api/endpoints/users/show.ts    |    6 +
 .../server/api/endpoints/users/update-memo.ts |    6 +
 packages/misskey-js/src/autogen/types.ts      | 1456 ++++++++++++++++-
 243 files changed, 2916 insertions(+), 17 deletions(-)

diff --git a/packages/backend/src/server/api/endpoints/announcements.ts b/packages/backend/src/server/api/endpoints/announcements.ts
index ff8dd73605..b2faf675b0 100644
--- a/packages/backend/src/server/api/endpoints/announcements.ts
+++ b/packages/backend/src/server/api/endpoints/announcements.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Announcement',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/announcements/show.ts b/packages/backend/src/server/api/endpoints/announcements/show.ts
index 6312a0a54c..20ae6cc2e5 100644
--- a/packages/backend/src/server/api/endpoints/announcements/show.ts
+++ b/packages/backend/src/server/api/endpoints/announcements/show.ts
@@ -27,6 +27,12 @@ export const meta = {
 			id: 'b57b5e1d-4f49-404a-9edb-46b00268f121',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/create.ts b/packages/backend/src/server/api/endpoints/antennas/create.ts
index e0c8ddcc84..9a6caa3317 100644
--- a/packages/backend/src/server/api/endpoints/antennas/create.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/create.ts
@@ -47,6 +47,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Antenna',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/delete.ts b/packages/backend/src/server/api/endpoints/antennas/delete.ts
index 2258954b56..70a9f819f5 100644
--- a/packages/backend/src/server/api/endpoints/antennas/delete.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/delete.ts
@@ -24,6 +24,12 @@ export const meta = {
 			id: 'b34dcf9d-348f-44bb-99d0-6c9314cfe2df',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/list.ts b/packages/backend/src/server/api/endpoints/antennas/list.ts
index 83d29f9c8c..ed7d1c9daa 100644
--- a/packages/backend/src/server/api/endpoints/antennas/list.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/list.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Antenna',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/notes.ts b/packages/backend/src/server/api/endpoints/antennas/notes.ts
index f4dfe1ecc4..be4cf1e0ca 100644
--- a/packages/backend/src/server/api/endpoints/antennas/notes.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/notes.ts
@@ -41,6 +41,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/show.ts b/packages/backend/src/server/api/endpoints/antennas/show.ts
index a40f187d0b..3ca20dfb3e 100644
--- a/packages/backend/src/server/api/endpoints/antennas/show.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/show.ts
@@ -30,6 +30,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Antenna',
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/antennas/update.ts b/packages/backend/src/server/api/endpoints/antennas/update.ts
index 10f26b1912..919a4cb3f5 100644
--- a/packages/backend/src/server/api/endpoints/antennas/update.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/update.ts
@@ -45,6 +45,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Antenna',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/app/create.ts b/packages/backend/src/server/api/endpoints/app/create.ts
index ba847fc4f0..6d595289de 100644
--- a/packages/backend/src/server/api/endpoints/app/create.ts
+++ b/packages/backend/src/server/api/endpoints/app/create.ts
@@ -22,6 +22,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'App',
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/app/show.ts b/packages/backend/src/server/api/endpoints/app/show.ts
index 3db9a0d0d4..a8a3e79af1 100644
--- a/packages/backend/src/server/api/endpoints/app/show.ts
+++ b/packages/backend/src/server/api/endpoints/app/show.ts
@@ -26,6 +26,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'App',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/accept.ts b/packages/backend/src/server/api/endpoints/auth/accept.ts
index 2e62f04df0..0000ce16ef 100644
--- a/packages/backend/src/server/api/endpoints/auth/accept.ts
+++ b/packages/backend/src/server/api/endpoints/auth/accept.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '9c72d8de-391a-43c1-9d06-08d29efde8df',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/generate.ts b/packages/backend/src/server/api/endpoints/auth/session/generate.ts
index f8ddfdb75c..a0ee1bfc73 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/generate.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/generate.ts
@@ -40,6 +40,12 @@ export const meta = {
 			id: '92f93e63-428e-4f2f-a5a4-39e1407fe998',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/show.ts b/packages/backend/src/server/api/endpoints/auth/session/show.ts
index 13e02a2541..ba7ad04f37 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/show.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/show.ts
@@ -43,6 +43,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/userkey.ts b/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
index b490c5832d..8e9aff8058 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
@@ -51,6 +51,12 @@ export const meta = {
 			id: '8c8a4145-02cc-4cca-8e66-29ba60445a8e',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/blocking/list.ts b/packages/backend/src/server/api/endpoints/blocking/list.ts
index 8431fa6b34..ecbfb10d53 100644
--- a/packages/backend/src/server/api/endpoints/blocking/list.ts
+++ b/packages/backend/src/server/api/endpoints/blocking/list.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Blocking',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/bubble-game/ranking.ts b/packages/backend/src/server/api/endpoints/bubble-game/ranking.ts
index ab877bbe20..5597570f8e 100644
--- a/packages/backend/src/server/api/endpoints/bubble-game/ranking.ts
+++ b/packages/backend/src/server/api/endpoints/bubble-game/ranking.ts
@@ -40,6 +40,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/favorite.ts b/packages/backend/src/server/api/endpoints/channels/favorite.ts
index a1ae9b80a7..7ae5eb3437 100644
--- a/packages/backend/src/server/api/endpoints/channels/favorite.ts
+++ b/packages/backend/src/server/api/endpoints/channels/favorite.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '4938f5f3-6167-4c04-9149-6607b7542861',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/featured.ts b/packages/backend/src/server/api/endpoints/channels/featured.ts
index a9a79ba8fc..24323cbe63 100644
--- a/packages/backend/src/server/api/endpoints/channels/featured.ts
+++ b/packages/backend/src/server/api/endpoints/channels/featured.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/follow.ts b/packages/backend/src/server/api/endpoints/channels/follow.ts
index 1812820ba2..5505f3ed24 100644
--- a/packages/backend/src/server/api/endpoints/channels/follow.ts
+++ b/packages/backend/src/server/api/endpoints/channels/follow.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: 'c0031718-d573-4e85-928e-10039f1fbb68',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/followed.ts b/packages/backend/src/server/api/endpoints/channels/followed.ts
index d2f36f251e..e667b0b881 100644
--- a/packages/backend/src/server/api/endpoints/channels/followed.ts
+++ b/packages/backend/src/server/api/endpoints/channels/followed.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/my-favorites.ts b/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
index d96e6c3ad2..72a1cc0cf9 100644
--- a/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
+++ b/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/owned.ts b/packages/backend/src/server/api/endpoints/channels/owned.ts
index daab685f1b..6e51add6b2 100644
--- a/packages/backend/src/server/api/endpoints/channels/owned.ts
+++ b/packages/backend/src/server/api/endpoints/channels/owned.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/search.ts b/packages/backend/src/server/api/endpoints/channels/search.ts
index ae32203603..9476c494a3 100644
--- a/packages/backend/src/server/api/endpoints/channels/search.ts
+++ b/packages/backend/src/server/api/endpoints/channels/search.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/show.ts b/packages/backend/src/server/api/endpoints/channels/show.ts
index 332ce2c9dc..e9c0c392c0 100644
--- a/packages/backend/src/server/api/endpoints/channels/show.ts
+++ b/packages/backend/src/server/api/endpoints/channels/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: '6f6c314b-7486-4897-8966-c04a66a02923',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/timeline.ts b/packages/backend/src/server/api/endpoints/channels/timeline.ts
index 06130464a9..0bd01d712c 100644
--- a/packages/backend/src/server/api/endpoints/channels/timeline.ts
+++ b/packages/backend/src/server/api/endpoints/channels/timeline.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: '4d0eeeba-a02c-4c3c-9966-ef60d38d2e7f',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/unfavorite.ts b/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
index fc6b75e295..a5db833704 100644
--- a/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
+++ b/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
@@ -25,6 +25,12 @@ export const meta = {
 			id: '353c68dd-131a-476c-aa99-88a345e83668',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/unfollow.ts b/packages/backend/src/server/api/endpoints/channels/unfollow.ts
index 48c5261135..aea34d9d47 100644
--- a/packages/backend/src/server/api/endpoints/channels/unfollow.ts
+++ b/packages/backend/src/server/api/endpoints/channels/unfollow.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '19959ee9-0153-4c51-bbd9-a98c49dc59d6',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/update.ts b/packages/backend/src/server/api/endpoints/channels/update.ts
index dba2938b39..d2a75225ed 100644
--- a/packages/backend/src/server/api/endpoints/channels/update.ts
+++ b/packages/backend/src/server/api/endpoints/channels/update.ts
@@ -10,6 +10,7 @@ import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
 import { DI } from '@/di-symbols.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['channels'],
@@ -43,6 +44,11 @@ export const meta = {
 			id: 'e86c14a4-0da2-4032-8df3-e737a04c7f3b',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/active-users.ts b/packages/backend/src/server/api/endpoints/charts/active-users.ts
index fd21e3d9fe..f6c0c045df 100644
--- a/packages/backend/src/server/api/endpoints/charts/active-users.ts
+++ b/packages/backend/src/server/api/endpoints/charts/active-users.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/ap-request.ts b/packages/backend/src/server/api/endpoints/charts/ap-request.ts
index cbe792376b..4c5c0d5d20 100644
--- a/packages/backend/src/server/api/endpoints/charts/ap-request.ts
+++ b/packages/backend/src/server/api/endpoints/charts/ap-request.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/drive.ts b/packages/backend/src/server/api/endpoints/charts/drive.ts
index d32bc765a4..8210ec8fe7 100644
--- a/packages/backend/src/server/api/endpoints/charts/drive.ts
+++ b/packages/backend/src/server/api/endpoints/charts/drive.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/federation.ts b/packages/backend/src/server/api/endpoints/charts/federation.ts
index dad21e9e8e..56a5dbea31 100644
--- a/packages/backend/src/server/api/endpoints/charts/federation.ts
+++ b/packages/backend/src/server/api/endpoints/charts/federation.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/instance.ts b/packages/backend/src/server/api/endpoints/charts/instance.ts
index 68aa12ac0e..7f79e1356d 100644
--- a/packages/backend/src/server/api/endpoints/charts/instance.ts
+++ b/packages/backend/src/server/api/endpoints/charts/instance.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/notes.ts b/packages/backend/src/server/api/endpoints/charts/notes.ts
index e1979cfe8b..b3660b558b 100644
--- a/packages/backend/src/server/api/endpoints/charts/notes.ts
+++ b/packages/backend/src/server/api/endpoints/charts/notes.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/user/drive.ts b/packages/backend/src/server/api/endpoints/charts/user/drive.ts
index dcb72084b7..716c41f385 100644
--- a/packages/backend/src/server/api/endpoints/charts/user/drive.ts
+++ b/packages/backend/src/server/api/endpoints/charts/user/drive.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/user/following.ts b/packages/backend/src/server/api/endpoints/charts/user/following.ts
index 0a019ce4fb..b67b5ca338 100644
--- a/packages/backend/src/server/api/endpoints/charts/user/following.ts
+++ b/packages/backend/src/server/api/endpoints/charts/user/following.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/user/notes.ts b/packages/backend/src/server/api/endpoints/charts/user/notes.ts
index 06b15bca18..e5587cab86 100644
--- a/packages/backend/src/server/api/endpoints/charts/user/notes.ts
+++ b/packages/backend/src/server/api/endpoints/charts/user/notes.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/user/pv.ts b/packages/backend/src/server/api/endpoints/charts/user/pv.ts
index d359b491e2..cbae3a21c1 100644
--- a/packages/backend/src/server/api/endpoints/charts/user/pv.ts
+++ b/packages/backend/src/server/api/endpoints/charts/user/pv.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/user/reactions.ts b/packages/backend/src/server/api/endpoints/charts/user/reactions.ts
index 4355aa5348..d734240742 100644
--- a/packages/backend/src/server/api/endpoints/charts/user/reactions.ts
+++ b/packages/backend/src/server/api/endpoints/charts/user/reactions.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/charts/users.ts b/packages/backend/src/server/api/endpoints/charts/users.ts
index 1f5f5fea54..6e1a8ebd4f 100644
--- a/packages/backend/src/server/api/endpoints/charts/users.ts
+++ b/packages/backend/src/server/api/endpoints/charts/users.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/add-note.ts b/packages/backend/src/server/api/endpoints/clips/add-note.ts
index d7c9ea3964..7816ea3ac9 100644
--- a/packages/backend/src/server/api/endpoints/clips/add-note.ts
+++ b/packages/backend/src/server/api/endpoints/clips/add-note.ts
@@ -18,9 +18,10 @@ export const meta = {
 
 	kind: 'write:account',
 
+	// 60 calls per hour
 	limit: {
 		duration: ms('1hour'),
-		max: 20,
+		max: 60,
 	},
 
 	errors: {
diff --git a/packages/backend/src/server/api/endpoints/clips/create.ts b/packages/backend/src/server/api/endpoints/clips/create.ts
index ceebc8ba5e..c2f72ad9ae 100644
--- a/packages/backend/src/server/api/endpoints/clips/create.ts
+++ b/packages/backend/src/server/api/endpoints/clips/create.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '920f7c2d-6208-4b76-8082-e632020f5883',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/delete.ts b/packages/backend/src/server/api/endpoints/clips/delete.ts
index ca8ff2e1f1..f3f8705c44 100644
--- a/packages/backend/src/server/api/endpoints/clips/delete.ts
+++ b/packages/backend/src/server/api/endpoints/clips/delete.ts
@@ -22,6 +22,12 @@ export const meta = {
 			id: '70ca08ba-6865-4630-b6fb-8494759aa754',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/favorite.ts b/packages/backend/src/server/api/endpoints/clips/favorite.ts
index 11f8ec3e92..a6b97a6a80 100644
--- a/packages/backend/src/server/api/endpoints/clips/favorite.ts
+++ b/packages/backend/src/server/api/endpoints/clips/favorite.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '92658936-c625-4273-8326-2d790129256e',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/list.ts b/packages/backend/src/server/api/endpoints/clips/list.ts
index 2e4a3ff820..cd4c6bb2fc 100644
--- a/packages/backend/src/server/api/endpoints/clips/list.ts
+++ b/packages/backend/src/server/api/endpoints/clips/list.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Clip',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/my-favorites.ts b/packages/backend/src/server/api/endpoints/clips/my-favorites.ts
index 44719592d1..1f9b24e6c9 100644
--- a/packages/backend/src/server/api/endpoints/clips/my-favorites.ts
+++ b/packages/backend/src/server/api/endpoints/clips/my-favorites.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Clip',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/notes.ts b/packages/backend/src/server/api/endpoints/clips/notes.ts
index 943c31c894..6175c4d0e5 100644
--- a/packages/backend/src/server/api/endpoints/clips/notes.ts
+++ b/packages/backend/src/server/api/endpoints/clips/notes.ts
@@ -35,6 +35,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/remove-note.ts b/packages/backend/src/server/api/endpoints/clips/remove-note.ts
index 33f9ecd25b..2c503d4af5 100644
--- a/packages/backend/src/server/api/endpoints/clips/remove-note.ts
+++ b/packages/backend/src/server/api/endpoints/clips/remove-note.ts
@@ -30,6 +30,12 @@ export const meta = {
 			id: 'aff017de-190e-434b-893e-33a9ff5049d8',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/show.ts b/packages/backend/src/server/api/endpoints/clips/show.ts
index 1078a1b176..949f0e70aa 100644
--- a/packages/backend/src/server/api/endpoints/clips/show.ts
+++ b/packages/backend/src/server/api/endpoints/clips/show.ts
@@ -30,6 +30,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Clip',
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/unfavorite.ts b/packages/backend/src/server/api/endpoints/clips/unfavorite.ts
index a458fda4a0..e436e5b94e 100644
--- a/packages/backend/src/server/api/endpoints/clips/unfavorite.ts
+++ b/packages/backend/src/server/api/endpoints/clips/unfavorite.ts
@@ -31,6 +31,12 @@ export const meta = {
 			id: '90c3a9e8-b321-4dae-bf57-2bf79bbcc187',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/clips/update.ts b/packages/backend/src/server/api/endpoints/clips/update.ts
index 603a3ccf3d..b776f1357d 100644
--- a/packages/backend/src/server/api/endpoints/clips/update.ts
+++ b/packages/backend/src/server/api/endpoints/clips/update.ts
@@ -31,6 +31,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Clip',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive.ts b/packages/backend/src/server/api/endpoints/drive.ts
index eb45e29f9e..a05372909c 100644
--- a/packages/backend/src/server/api/endpoints/drive.ts
+++ b/packages/backend/src/server/api/endpoints/drive.ts
@@ -29,6 +29,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files.ts b/packages/backend/src/server/api/endpoints/drive/files.ts
index d615036ce8..8e821da0da 100644
--- a/packages/backend/src/server/api/endpoints/drive/files.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files.ts
@@ -28,6 +28,12 @@ export const meta = {
 			ref: 'DriveFile',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/attached-notes.ts b/packages/backend/src/server/api/endpoints/drive/files/attached-notes.ts
index b86059b5e7..32c2620915 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/attached-notes.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/attached-notes.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: 'c118ece3-2e4b-4296-99d1-51756e32d232',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/check-existence.ts b/packages/backend/src/server/api/endpoints/drive/files/check-existence.ts
index cc7920505f..dfb83efc45 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/check-existence.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/check-existence.ts
@@ -21,6 +21,12 @@ export const meta = {
 		type: 'boolean',
 		optional: false, nullable: false,
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/delete.ts b/packages/backend/src/server/api/endpoints/drive/files/delete.ts
index fa6e11da49..7a009b12a1 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/delete.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/delete.ts
@@ -11,6 +11,7 @@ import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['drive'],
@@ -34,6 +35,12 @@ export const meta = {
 			id: '5eb8d909-2540-4970-90b8-dd6f86088121',
 		},
 	},
+
+	// 100 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 100,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/find-by-hash.ts b/packages/backend/src/server/api/endpoints/drive/files/find-by-hash.ts
index 090cff6875..e8fba144b5 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/find-by-hash.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/find-by-hash.ts
@@ -27,6 +27,12 @@ export const meta = {
 			ref: 'DriveFile',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/find.ts b/packages/backend/src/server/api/endpoints/drive/files/find.ts
index 502d42f9e0..377af3db69 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/find.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/find.ts
@@ -28,6 +28,12 @@ export const meta = {
 			ref: 'DriveFile',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/show.ts b/packages/backend/src/server/api/endpoints/drive/files/show.ts
index e8f4539d61..64f6a8b2ba 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/show.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/show.ts
@@ -40,6 +40,12 @@ export const meta = {
 			id: '25b73c73-68b1-41d0-bad1-381cfdf6579f',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/files/update.ts b/packages/backend/src/server/api/endpoints/drive/files/update.ts
index 1501abf9ce..94a0e673a3 100644
--- a/packages/backend/src/server/api/endpoints/drive/files/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/files/update.ts
@@ -11,6 +11,7 @@ import { RoleService } from '@/core/RoleService.js';
 import { DriveService } from '@/core/DriveService.js';
 import type { Config } from '@/config.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['drive'],
@@ -63,6 +64,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'DriveFile',
 	},
+
+	// 100 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 100,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/folders.ts b/packages/backend/src/server/api/endpoints/drive/folders.ts
index 9bcd824882..1245706b0d 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders.ts
@@ -27,6 +27,12 @@ export const meta = {
 			ref: 'DriveFolder',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/delete.ts b/packages/backend/src/server/api/endpoints/drive/folders/delete.ts
index 85d63873a4..29be2121cd 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/delete.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/delete.ts
@@ -9,6 +9,7 @@ import type { DriveFoldersRepository, DriveFilesRepository } from '@/models/_.js
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['drive'],
@@ -30,6 +31,12 @@ export const meta = {
 			id: 'b0fc8a17-963c-405d-bfbc-859a487295e1',
 		},
 	},
+
+	// 100 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 100,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/find.ts b/packages/backend/src/server/api/endpoints/drive/folders/find.ts
index eb45a30bc0..950aeacea0 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/find.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/find.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'DriveFolder',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/show.ts b/packages/backend/src/server/api/endpoints/drive/folders/show.ts
index a1c0df6697..520d6b1b58 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/show.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/show.ts
@@ -30,6 +30,12 @@ export const meta = {
 			id: 'd74ab9eb-bb09-4bba-bf24-fb58f761e1e9',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/update.ts b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
index 62b04e1df3..cd47c0fc68 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
@@ -10,6 +10,7 @@ import { DriveFolderEntityService } from '@/core/entities/DriveFolderEntityServi
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['drive'],
@@ -43,6 +44,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'DriveFolder',
 	},
+
+	// 100 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 100,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/drive/stream.ts b/packages/backend/src/server/api/endpoints/drive/stream.ts
index f7c1ed39b5..4cb0a91546 100644
--- a/packages/backend/src/server/api/endpoints/drive/stream.ts
+++ b/packages/backend/src/server/api/endpoints/drive/stream.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'DriveFile',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/email-address/available.ts b/packages/backend/src/server/api/endpoints/email-address/available.ts
index 1d7dacd60e..b4982fc8cf 100644
--- a/packages/backend/src/server/api/endpoints/email-address/available.ts
+++ b/packages/backend/src/server/api/endpoints/email-address/available.ts
@@ -26,6 +26,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/emoji.ts b/packages/backend/src/server/api/endpoints/emoji.ts
index ccfbda0d44..45cc4a10f3 100644
--- a/packages/backend/src/server/api/endpoints/emoji.ts
+++ b/packages/backend/src/server/api/endpoints/emoji.ts
@@ -22,6 +22,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'EmojiDetailed',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/emojis.ts b/packages/backend/src/server/api/endpoints/emojis.ts
index 46ef4eca1b..d5a14ca8f4 100644
--- a/packages/backend/src/server/api/endpoints/emojis.ts
+++ b/packages/backend/src/server/api/endpoints/emojis.ts
@@ -32,6 +32,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/endpoint.ts b/packages/backend/src/server/api/endpoints/endpoint.ts
index fe7e9c36f3..7629cd7a67 100644
--- a/packages/backend/src/server/api/endpoints/endpoint.ts
+++ b/packages/backend/src/server/api/endpoints/endpoint.ts
@@ -28,6 +28,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/endpoints.ts b/packages/backend/src/server/api/endpoints/endpoints.ts
index 4aedf62a84..8878f5d570 100644
--- a/packages/backend/src/server/api/endpoints/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints/endpoints.ts
@@ -26,6 +26,12 @@ export const meta = {
 			'...',
 		],
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/followers.ts b/packages/backend/src/server/api/endpoints/federation/followers.ts
index d5b80035df..e7b528dda1 100644
--- a/packages/backend/src/server/api/endpoints/federation/followers.ts
+++ b/packages/backend/src/server/api/endpoints/federation/followers.ts
@@ -22,6 +22,12 @@ export const meta = {
 			ref: 'Following',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/following.ts b/packages/backend/src/server/api/endpoints/federation/following.ts
index 215f94fbcc..070a1c8407 100644
--- a/packages/backend/src/server/api/endpoints/federation/following.ts
+++ b/packages/backend/src/server/api/endpoints/federation/following.ts
@@ -22,6 +22,12 @@ export const meta = {
 			ref: 'Following',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/instances.ts b/packages/backend/src/server/api/endpoints/federation/instances.ts
index c1ce3f2238..97384d2498 100644
--- a/packages/backend/src/server/api/endpoints/federation/instances.ts
+++ b/packages/backend/src/server/api/endpoints/federation/instances.ts
@@ -27,6 +27,12 @@ export const meta = {
 			ref: 'FederationInstance',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/show-instance.ts b/packages/backend/src/server/api/endpoints/federation/show-instance.ts
index 2972861a4b..8168f9296f 100644
--- a/packages/backend/src/server/api/endpoints/federation/show-instance.ts
+++ b/packages/backend/src/server/api/endpoints/federation/show-instance.ts
@@ -20,6 +20,12 @@ export const meta = {
 		optional: false, nullable: true,
 		ref: 'FederationInstance',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/stats.ts b/packages/backend/src/server/api/endpoints/federation/stats.ts
index 69900bff9a..54d29c2faa 100644
--- a/packages/backend/src/server/api/endpoints/federation/stats.ts
+++ b/packages/backend/src/server/api/endpoints/federation/stats.ts
@@ -50,6 +50,12 @@ export const meta = {
 			otherFollowingCount: { type: 'number' },
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
index f8430ef431..3ec9522c44 100644
--- a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
+++ b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
@@ -12,6 +12,12 @@ export const meta = {
 	tags: ['federation'],
 
 	requireCredential: false,
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/federation/users.ts b/packages/backend/src/server/api/endpoints/federation/users.ts
index 71b1aeb07b..e3bc2989df 100644
--- a/packages/backend/src/server/api/endpoints/federation/users.ts
+++ b/packages/backend/src/server/api/endpoints/federation/users.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'UserDetailedNotMe',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/fetch-rss.ts b/packages/backend/src/server/api/endpoints/fetch-rss.ts
index ba48b0119e..03f35f16a5 100644
--- a/packages/backend/src/server/api/endpoints/fetch-rss.ts
+++ b/packages/backend/src/server/api/endpoints/fetch-rss.ts
@@ -203,6 +203,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 20 calls per 10 seconds
+	limit: {
+		duration: 1000 * 10,
+		max: 20,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/delete.ts b/packages/backend/src/server/api/endpoints/flash/delete.ts
index 6912450abf..1010567113 100644
--- a/packages/backend/src/server/api/endpoints/flash/delete.ts
+++ b/packages/backend/src/server/api/endpoints/flash/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['flashs'],
@@ -31,6 +32,11 @@ export const meta = {
 			id: '1036ad7b-9f92-4fff-89c3-0e50dc941704',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/featured.ts b/packages/backend/src/server/api/endpoints/flash/featured.ts
index c2d6ab5085..2e8cbffe2a 100644
--- a/packages/backend/src/server/api/endpoints/flash/featured.ts
+++ b/packages/backend/src/server/api/endpoints/flash/featured.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Flash',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/like.ts b/packages/backend/src/server/api/endpoints/flash/like.ts
index e4dc5b61c5..378f9280f7 100644
--- a/packages/backend/src/server/api/endpoints/flash/like.ts
+++ b/packages/backend/src/server/api/endpoints/flash/like.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: '010065cf-ad43-40df-8067-abff9f4686e3',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/my-likes.ts b/packages/backend/src/server/api/endpoints/flash/my-likes.ts
index 755cc5acfc..22eae381da 100644
--- a/packages/backend/src/server/api/endpoints/flash/my-likes.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my-likes.ts
@@ -36,6 +36,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/my.ts b/packages/backend/src/server/api/endpoints/flash/my.ts
index 5746096232..48f464c337 100644
--- a/packages/backend/src/server/api/endpoints/flash/my.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Flash',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/show.ts b/packages/backend/src/server/api/endpoints/flash/show.ts
index a6fbd8e76e..03d9710773 100644
--- a/packages/backend/src/server/api/endpoints/flash/show.ts
+++ b/packages/backend/src/server/api/endpoints/flash/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: 'f0d34a1a-d29a-401d-90ba-1982122b5630',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/unlike.ts b/packages/backend/src/server/api/endpoints/flash/unlike.ts
index 7869bcdf52..6f45198e67 100644
--- a/packages/backend/src/server/api/endpoints/flash/unlike.ts
+++ b/packages/backend/src/server/api/endpoints/flash/unlike.ts
@@ -31,6 +31,12 @@ export const meta = {
 			id: '755f25a7-9871-4f65-9f34-51eaad9ae0ac',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/following/requests/accept.ts b/packages/backend/src/server/api/endpoints/following/requests/accept.ts
index 2d1446681c..4cf7413001 100644
--- a/packages/backend/src/server/api/endpoints/following/requests/accept.ts
+++ b/packages/backend/src/server/api/endpoints/following/requests/accept.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: 'bcde4f8b-0913-4614-8881-614e522fb041',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/following/requests/cancel.ts b/packages/backend/src/server/api/endpoints/following/requests/cancel.ts
index 6d663d480c..9bcd726b12 100644
--- a/packages/backend/src/server/api/endpoints/following/requests/cancel.ts
+++ b/packages/backend/src/server/api/endpoints/following/requests/cancel.ts
@@ -37,6 +37,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'UserLite',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/following/requests/list.ts b/packages/backend/src/server/api/endpoints/following/requests/list.ts
index fa59e38976..7ec217fdc4 100644
--- a/packages/backend/src/server/api/endpoints/following/requests/list.ts
+++ b/packages/backend/src/server/api/endpoints/following/requests/list.ts
@@ -42,6 +42,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/following/requests/reject.ts b/packages/backend/src/server/api/endpoints/following/requests/reject.ts
index 4f78eae677..0c49b27aad 100644
--- a/packages/backend/src/server/api/endpoints/following/requests/reject.ts
+++ b/packages/backend/src/server/api/endpoints/following/requests/reject.ts
@@ -23,6 +23,12 @@ export const meta = {
 			id: 'abc2ffa6-25b2-4380-ba99-321ff3a94555',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/following/requests/sent.ts b/packages/backend/src/server/api/endpoints/following/requests/sent.ts
index 6325f01bb8..7f99c228f4 100644
--- a/packages/backend/src/server/api/endpoints/following/requests/sent.ts
+++ b/packages/backend/src/server/api/endpoints/following/requests/sent.ts
@@ -42,6 +42,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/featured.ts b/packages/backend/src/server/api/endpoints/gallery/featured.ts
index 7d2878e03f..abbfb9b83b 100644
--- a/packages/backend/src/server/api/endpoints/gallery/featured.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/featured.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/popular.ts b/packages/backend/src/server/api/endpoints/gallery/popular.ts
index 4ee252104a..71b979ab9f 100644
--- a/packages/backend/src/server/api/endpoints/gallery/popular.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/popular.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts.ts b/packages/backend/src/server/api/endpoints/gallery/posts.ts
index d398418ab4..630b6cede5 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts.ts
@@ -22,6 +22,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts b/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
index b6b94db161..68478ba55c 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['gallery'],
@@ -31,6 +32,11 @@ export const meta = {
 			id: 'c86e09de-1c48-43ac-a435-1c7e42ed4496',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 300,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/like.ts b/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
index 91e49e6463..e73110648c 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
@@ -39,6 +39,12 @@ export const meta = {
 			id: '40e9ed56-a59c-473a-bf3f-f289c54fb5a7',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/show.ts b/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
index bd69898229..fd637febaa 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'GalleryPost',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts b/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
index f44e2c7afc..b0fad1eff2 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
@@ -33,6 +33,12 @@ export const meta = {
 			id: 'e3e8e06e-be37-41f7-a5b4-87a8250288f0',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/get-avatar-decorations.ts b/packages/backend/src/server/api/endpoints/get-avatar-decorations.ts
index 52acee1cfb..adc46b2f63 100644
--- a/packages/backend/src/server/api/endpoints/get-avatar-decorations.ts
+++ b/packages/backend/src/server/api/endpoints/get-avatar-decorations.ts
@@ -52,6 +52,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/get-online-users-count.ts b/packages/backend/src/server/api/endpoints/get-online-users-count.ts
index a57774be73..ede777c890 100644
--- a/packages/backend/src/server/api/endpoints/get-online-users-count.ts
+++ b/packages/backend/src/server/api/endpoints/get-online-users-count.ts
@@ -26,6 +26,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/hashtags/list.ts b/packages/backend/src/server/api/endpoints/hashtags/list.ts
index 5cd3c6584d..f378c5558e 100644
--- a/packages/backend/src/server/api/endpoints/hashtags/list.ts
+++ b/packages/backend/src/server/api/endpoints/hashtags/list.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Hashtag',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/hashtags/search.ts b/packages/backend/src/server/api/endpoints/hashtags/search.ts
index d4eb851054..ae6c98faf1 100644
--- a/packages/backend/src/server/api/endpoints/hashtags/search.ts
+++ b/packages/backend/src/server/api/endpoints/hashtags/search.ts
@@ -22,6 +22,12 @@ export const meta = {
 			optional: false, nullable: false,
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/hashtags/show.ts b/packages/backend/src/server/api/endpoints/hashtags/show.ts
index 940e3bd69d..588f76fbb5 100644
--- a/packages/backend/src/server/api/endpoints/hashtags/show.ts
+++ b/packages/backend/src/server/api/endpoints/hashtags/show.ts
@@ -29,6 +29,12 @@ export const meta = {
 			id: '110ee688-193e-4a3a-9ecf-c167b2e6981e',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/hashtags/trend.ts b/packages/backend/src/server/api/endpoints/hashtags/trend.ts
index cb8065e3a6..57db4f3e6e 100644
--- a/packages/backend/src/server/api/endpoints/hashtags/trend.ts
+++ b/packages/backend/src/server/api/endpoints/hashtags/trend.ts
@@ -42,6 +42,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/hashtags/users.ts b/packages/backend/src/server/api/endpoints/hashtags/users.ts
index 30f0c1b0c8..eb2289960a 100644
--- a/packages/backend/src/server/api/endpoints/hashtags/users.ts
+++ b/packages/backend/src/server/api/endpoints/hashtags/users.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'UserDetailed',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i.ts b/packages/backend/src/server/api/endpoints/i.ts
index d324e3e64a..9347c9ca27 100644
--- a/packages/backend/src/server/api/endpoints/i.ts
+++ b/packages/backend/src/server/api/endpoints/i.ts
@@ -30,6 +30,12 @@ export const meta = {
 			kind: 'permission',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/done.ts b/packages/backend/src/server/api/endpoints/i/2fa/done.ts
index 2a30e8b0c3..34b6907338 100644
--- a/packages/backend/src/server/api/endpoints/i/2fa/done.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/done.ts
@@ -10,6 +10,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import type { UserProfilesRepository } from '@/models/_.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
+import ms from 'ms';
 
 export const meta = {
 	requireCredential: true,
@@ -28,6 +29,12 @@ export const meta = {
 			},
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+		minInterval: ms('1sec'),
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/password-less.ts b/packages/backend/src/server/api/endpoints/i/2fa/password-less.ts
index bf039ccd16..a1c965f603 100644
--- a/packages/backend/src/server/api/endpoints/i/2fa/password-less.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/password-less.ts
@@ -10,6 +10,7 @@ import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/model
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	requireCredential: true,
@@ -23,6 +24,12 @@ export const meta = {
 			id: 'f9c54d7f-d4c2-4d3c-9a8g-a70daac86512',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+		minInterval: ms('1sec'),
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/update-key.ts b/packages/backend/src/server/api/endpoints/i/2fa/update-key.ts
index deb56a3ac4..eb8a63b3dc 100644
--- a/packages/backend/src/server/api/endpoints/i/2fa/update-key.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/update-key.ts
@@ -11,6 +11,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	requireCredential: true,
@@ -30,6 +31,12 @@ export const meta = {
 			id: '1fb7cb09-d46a-4fff-b8df-057708cce513',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+		minInterval: ms('1sec'),
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/apps.ts b/packages/backend/src/server/api/endpoints/i/apps.ts
index 91c8597b1b..661fa257a6 100644
--- a/packages/backend/src/server/api/endpoints/i/apps.ts
+++ b/packages/backend/src/server/api/endpoints/i/apps.ts
@@ -49,6 +49,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/authorized-apps.ts b/packages/backend/src/server/api/endpoints/i/authorized-apps.ts
index 0b4faf5ef8..447fd18dcf 100644
--- a/packages/backend/src/server/api/endpoints/i/authorized-apps.ts
+++ b/packages/backend/src/server/api/endpoints/i/authorized-apps.ts
@@ -48,6 +48,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
index 603df44733..ebb25ebf1c 100644
--- a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
+++ b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
@@ -13,6 +13,12 @@ export const meta = {
 	requireCredential: true,
 	prohibitMoved: true,
 	kind: 'write:account',
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/favorites.ts b/packages/backend/src/server/api/endpoints/i/favorites.ts
index 3558035eca..49d47e1624 100644
--- a/packages/backend/src/server/api/endpoints/i/favorites.ts
+++ b/packages/backend/src/server/api/endpoints/i/favorites.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'NoteFavorite',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/gallery/likes.ts b/packages/backend/src/server/api/endpoints/i/gallery/likes.ts
index d492585ffa..9baa01ae1e 100644
--- a/packages/backend/src/server/api/endpoints/i/gallery/likes.ts
+++ b/packages/backend/src/server/api/endpoints/i/gallery/likes.ts
@@ -37,6 +37,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/gallery/posts.ts b/packages/backend/src/server/api/endpoints/i/gallery/posts.ts
index 73a6fcc98b..350491a73a 100644
--- a/packages/backend/src/server/api/endpoints/i/gallery/posts.ts
+++ b/packages/backend/src/server/api/endpoints/i/gallery/posts.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/page-likes.ts b/packages/backend/src/server/api/endpoints/i/page-likes.ts
index d4c09426a7..19baa9726d 100644
--- a/packages/backend/src/server/api/endpoints/i/page-likes.ts
+++ b/packages/backend/src/server/api/endpoints/i/page-likes.ts
@@ -36,6 +36,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/pages.ts b/packages/backend/src/server/api/endpoints/i/pages.ts
index 1b6359a633..65a19ac5ab 100644
--- a/packages/backend/src/server/api/endpoints/i/pages.ts
+++ b/packages/backend/src/server/api/endpoints/i/pages.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Page',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/pin.ts b/packages/backend/src/server/api/endpoints/i/pin.ts
index b7cafd74df..e324485277 100644
--- a/packages/backend/src/server/api/endpoints/i/pin.ts
+++ b/packages/backend/src/server/api/endpoints/i/pin.ts
@@ -42,6 +42,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'MeDetailed',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/read-all-unread-notes.ts b/packages/backend/src/server/api/endpoints/i/read-all-unread-notes.ts
index d1a8eccb1d..edf570fcc5 100644
--- a/packages/backend/src/server/api/endpoints/i/read-all-unread-notes.ts
+++ b/packages/backend/src/server/api/endpoints/i/read-all-unread-notes.ts
@@ -15,6 +15,12 @@ export const meta = {
 	requireCredential: true,
 
 	kind: 'write:account',
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/read-announcement.ts b/packages/backend/src/server/api/endpoints/i/read-announcement.ts
index 4db1ca73c1..4111e90a19 100644
--- a/packages/backend/src/server/api/endpoints/i/read-announcement.ts
+++ b/packages/backend/src/server/api/endpoints/i/read-announcement.ts
@@ -16,6 +16,12 @@ export const meta = {
 
 	errors: {
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
index f1797cfde7..98b993d271 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
@@ -14,6 +14,12 @@ export const meta = {
 	res: {
 		type: 'object',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts
index d53c390460..4a3d38efa3 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts
@@ -32,6 +32,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-unsecure.ts b/packages/backend/src/server/api/endpoints/i/registry/get-unsecure.ts
index 3aa256077e..268c650f27 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/get-unsecure.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-unsecure.ts
@@ -22,6 +22,12 @@ export const meta = {
 			id: 'ac3ed68a-62f0-422b-a7bc-d5e09e8f6a6a',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/get.ts b/packages/backend/src/server/api/endpoints/i/registry/get.ts
index d9a8fdd449..dff33016e0 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/get.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get.ts
@@ -22,7 +22,13 @@ export const meta = {
 
 	res: {
 		type: 'object',
-	}
+	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts
index 3fe339606d..8216728549 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts
@@ -17,6 +17,12 @@ export const meta = {
 			type: 'string',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys.ts b/packages/backend/src/server/api/endpoints/i/registry/keys.ts
index 28f158c62d..001cd22236 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/keys.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/keys.ts
@@ -17,6 +17,12 @@ export const meta = {
 			type: 'string',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/remove.ts b/packages/backend/src/server/api/endpoints/i/registry/remove.ts
index cf965ba0cf..62338965e0 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/remove.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/remove.ts
@@ -21,6 +21,12 @@ export const meta = {
 			id: '1fac4e8a-a6cd-4e39-a4a5-3a7e11f1b019',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/scopes-with-domain.ts b/packages/backend/src/server/api/endpoints/i/registry/scopes-with-domain.ts
index 67a99b028a..f23335ed46 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/scopes-with-domain.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/scopes-with-domain.ts
@@ -31,7 +31,13 @@ export const meta = {
 				},
 			},
 		},
-	}
+	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/registry/set.ts b/packages/backend/src/server/api/endpoints/i/registry/set.ts
index 8723035d84..35414ca2a9 100644
--- a/packages/backend/src/server/api/endpoints/i/registry/set.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/set.ts
@@ -10,6 +10,12 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';
 export const meta = {
 	requireCredential: true,
 	kind: 'write:account',
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/revoke-token.ts b/packages/backend/src/server/api/endpoints/i/revoke-token.ts
index c05ee93c6f..07acddaa54 100644
--- a/packages/backend/src/server/api/endpoints/i/revoke-token.ts
+++ b/packages/backend/src/server/api/endpoints/i/revoke-token.ts
@@ -12,6 +12,12 @@ export const meta = {
 	requireCredential: true,
 
 	secure: true,
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/signin-history.ts b/packages/backend/src/server/api/endpoints/i/signin-history.ts
index 76ad0bbe21..8b39b87a7f 100644
--- a/packages/backend/src/server/api/endpoints/i/signin-history.ts
+++ b/packages/backend/src/server/api/endpoints/i/signin-history.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Signin',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/unpin.ts b/packages/backend/src/server/api/endpoints/i/unpin.ts
index 74825cf9f3..e88e3fbc01 100644
--- a/packages/backend/src/server/api/endpoints/i/unpin.ts
+++ b/packages/backend/src/server/api/endpoints/i/unpin.ts
@@ -29,6 +29,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'MeDetailed',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/webhooks/create.ts b/packages/backend/src/server/api/endpoints/i/webhooks/create.ts
index 6e84603f7a..b0c736937c 100644
--- a/packages/backend/src/server/api/endpoints/i/webhooks/create.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/create.ts
@@ -55,6 +55,12 @@ export const meta = {
 			latestStatus: { type: 'integer', nullable: true },
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/webhooks/delete.ts b/packages/backend/src/server/api/endpoints/i/webhooks/delete.ts
index 1b1ac00670..1b76a01ca9 100644
--- a/packages/backend/src/server/api/endpoints/i/webhooks/delete.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/delete.ts
@@ -24,6 +24,12 @@ export const meta = {
 			id: 'bae73e5a-5522-4965-ae19-3a8688e71d82',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/webhooks/list.ts b/packages/backend/src/server/api/endpoints/i/webhooks/list.ts
index 394c178f2a..f1c0f53fec 100644
--- a/packages/backend/src/server/api/endpoints/i/webhooks/list.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/list.ts
@@ -46,6 +46,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/webhooks/show.ts b/packages/backend/src/server/api/endpoints/i/webhooks/show.ts
index 4a0c09ff0c..5c7c84a73c 100644
--- a/packages/backend/src/server/api/endpoints/i/webhooks/show.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/show.ts
@@ -52,6 +52,12 @@ export const meta = {
 			latestStatus: { type: 'integer', nullable: true },
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/i/webhooks/update.ts b/packages/backend/src/server/api/endpoints/i/webhooks/update.ts
index 07a25bd82a..632fd2b671 100644
--- a/packages/backend/src/server/api/endpoints/i/webhooks/update.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/update.ts
@@ -26,6 +26,11 @@ export const meta = {
 		},
 	},
 
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/invite/create.ts b/packages/backend/src/server/api/endpoints/invite/create.ts
index a70b587da7..d661eab364 100644
--- a/packages/backend/src/server/api/endpoints/invite/create.ts
+++ b/packages/backend/src/server/api/endpoints/invite/create.ts
@@ -34,6 +34,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'InviteCode',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/invite/delete.ts b/packages/backend/src/server/api/endpoints/invite/delete.ts
index e960ff9f4e..408200164c 100644
--- a/packages/backend/src/server/api/endpoints/invite/delete.ts
+++ b/packages/backend/src/server/api/endpoints/invite/delete.ts
@@ -36,6 +36,12 @@ export const meta = {
 			id: '5eb8d909-2540-4970-90b8-dd6f86088121',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/invite/limit.ts b/packages/backend/src/server/api/endpoints/invite/limit.ts
index 2ffd41ae28..8d92c4957c 100644
--- a/packages/backend/src/server/api/endpoints/invite/limit.ts
+++ b/packages/backend/src/server/api/endpoints/invite/limit.ts
@@ -28,6 +28,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/invite/list.ts b/packages/backend/src/server/api/endpoints/invite/list.ts
index 23aefe83a2..b63b41edd3 100644
--- a/packages/backend/src/server/api/endpoints/invite/list.ts
+++ b/packages/backend/src/server/api/endpoints/invite/list.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'InviteCode',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/meta.ts b/packages/backend/src/server/api/endpoints/meta.ts
index 5460635e1d..9774fb55e6 100644
--- a/packages/backend/src/server/api/endpoints/meta.ts
+++ b/packages/backend/src/server/api/endpoints/meta.ts
@@ -19,6 +19,12 @@ export const meta = {
 			{ type: 'object', ref: 'MetaDetailed' },
 		],
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/miauth/gen-token.ts b/packages/backend/src/server/api/endpoints/miauth/gen-token.ts
index fc9a8f3ebe..c42df7ca80 100644
--- a/packages/backend/src/server/api/endpoints/miauth/gen-token.ts
+++ b/packages/backend/src/server/api/endpoints/miauth/gen-token.ts
@@ -27,6 +27,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/mute/delete.ts b/packages/backend/src/server/api/endpoints/mute/delete.ts
index d11832858e..1e14bafc87 100644
--- a/packages/backend/src/server/api/endpoints/mute/delete.ts
+++ b/packages/backend/src/server/api/endpoints/mute/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { GetterService } from '@/server/api/GetterService.js';
 import { UserMutingService } from '@/core/UserMutingService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['account'],
@@ -37,6 +38,12 @@ export const meta = {
 			id: '5467d020-daa9-4553-81e1-135c0c35a96d',
 		},
 	},
+
+	// 20 calls per hour (match create)
+	limit: {
+		duration: ms('1hour'),
+		max: 20,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/mute/list.ts b/packages/backend/src/server/api/endpoints/mute/list.ts
index 23204f2829..3efbe349e0 100644
--- a/packages/backend/src/server/api/endpoints/mute/list.ts
+++ b/packages/backend/src/server/api/endpoints/mute/list.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Muting',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/my/apps.ts b/packages/backend/src/server/api/endpoints/my/apps.ts
index c04a92626f..3fb0d1b3b7 100644
--- a/packages/backend/src/server/api/endpoints/my/apps.ts
+++ b/packages/backend/src/server/api/endpoints/my/apps.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'App',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes.ts b/packages/backend/src/server/api/endpoints/notes.ts
index 9938322a2a..f6c37023e1 100644
--- a/packages/backend/src/server/api/endpoints/notes.ts
+++ b/packages/backend/src/server/api/endpoints/notes.ts
@@ -22,6 +22,14 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 120 calls per minute
+	// 200 ms between calls
+	limit: {
+		duration: 1000 * 60,
+		max: 120,
+		minInterval: 200,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/bubble-timeline.ts b/packages/backend/src/server/api/endpoints/notes/bubble-timeline.ts
index 94ec8c37ec..d36d1dfc15 100644
--- a/packages/backend/src/server/api/endpoints/notes/bubble-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/bubble-timeline.ts
@@ -30,6 +30,12 @@ export const meta = {
 			id: '0332fc13-6ab2-4427-ae80-a9fadffd1a6c',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/children.ts b/packages/backend/src/server/api/endpoints/notes/children.ts
index 2654e196b2..e69ba9be7e 100644
--- a/packages/backend/src/server/api/endpoints/notes/children.ts
+++ b/packages/backend/src/server/api/endpoints/notes/children.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/clips.ts b/packages/backend/src/server/api/endpoints/notes/clips.ts
index 29cab9f212..b3dcdcef12 100644
--- a/packages/backend/src/server/api/endpoints/notes/clips.ts
+++ b/packages/backend/src/server/api/endpoints/notes/clips.ts
@@ -34,6 +34,12 @@ export const meta = {
 			id: '47db1a1c-b0af-458d-8fb4-986e4efafe1e',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/conversation.ts b/packages/backend/src/server/api/endpoints/notes/conversation.ts
index 37bc5cc878..80aea580ec 100644
--- a/packages/backend/src/server/api/endpoints/notes/conversation.ts
+++ b/packages/backend/src/server/api/endpoints/notes/conversation.ts
@@ -34,6 +34,12 @@ export const meta = {
 			id: 'e1035875-9551-45ec-afa8-1ded1fcb53c8',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/favorites/delete.ts b/packages/backend/src/server/api/endpoints/notes/favorites/delete.ts
index 2036facdba..19a6a5af54 100644
--- a/packages/backend/src/server/api/endpoints/notes/favorites/delete.ts
+++ b/packages/backend/src/server/api/endpoints/notes/favorites/delete.ts
@@ -9,6 +9,7 @@ import { GetterService } from '@/server/api/GetterService.js';
 import { DI } from '@/di-symbols.js';
 import type { NoteFavoritesRepository } from '@/models/_.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['notes', 'favorites'],
@@ -30,6 +31,12 @@ export const meta = {
 			id: 'b625fc69-635e-45e9-86f4-dbefbef35af5',
 		},
 	},
+
+	// 20 calls per hour (match create)
+	limit: {
+		duration: ms('1hour'),
+		max: 20,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/featured.ts b/packages/backend/src/server/api/endpoints/notes/featured.ts
index dcd971360d..4853489827 100644
--- a/packages/backend/src/server/api/endpoints/notes/featured.ts
+++ b/packages/backend/src/server/api/endpoints/notes/featured.ts
@@ -28,6 +28,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/following.ts b/packages/backend/src/server/api/endpoints/notes/following.ts
index b6604b9798..0d9eec463b 100644
--- a/packages/backend/src/server/api/endpoints/notes/following.ts
+++ b/packages/backend/src/server/api/endpoints/notes/following.ts
@@ -42,6 +42,12 @@ export const meta = {
 			id: '7a1b9cb6-235b-4e58-9c00-32c1796f502c',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/global-timeline.ts b/packages/backend/src/server/api/endpoints/notes/global-timeline.ts
index d660f3fb69..c45fcd7c5c 100644
--- a/packages/backend/src/server/api/endpoints/notes/global-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/global-timeline.ts
@@ -35,6 +35,12 @@ export const meta = {
 			id: '0332fc13-6ab2-4427-ae80-a9fadffd1a6b',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
@@ -98,7 +104,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			}
 
 			if (!ps.withBots) query.andWhere('user.isBot = FALSE');
-			
+
 			if (ps.withRenotes === false) {
 				query.andWhere(new Brackets(qb => {
 					qb.where('note.renoteId IS NULL');
diff --git a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
index 75be7b9888..3c66154e19 100644
--- a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
@@ -49,6 +49,12 @@ export const meta = {
 			id: 'dfaa3eb7-8002-4cb7-bcc4-1095df46656f',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/like.ts b/packages/backend/src/server/api/endpoints/notes/like.ts
index 593463aea0..9068de2865 100644
--- a/packages/backend/src/server/api/endpoints/notes/like.ts
+++ b/packages/backend/src/server/api/endpoints/notes/like.ts
@@ -34,6 +34,12 @@ export const meta = {
 			id: 'eaccdc08-ddef-43fe-908f-d108faad57f5',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/local-timeline.ts b/packages/backend/src/server/api/endpoints/notes/local-timeline.ts
index d4c806d7e2..1f986079c2 100644
--- a/packages/backend/src/server/api/endpoints/notes/local-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/local-timeline.ts
@@ -43,6 +43,12 @@ export const meta = {
 			id: 'dd9c8400-1cb5-4eef-8a31-200c5f933793',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/mentions.ts b/packages/backend/src/server/api/endpoints/notes/mentions.ts
index 5558dd3a8b..38912421a4 100644
--- a/packages/backend/src/server/api/endpoints/notes/mentions.ts
+++ b/packages/backend/src/server/api/endpoints/notes/mentions.ts
@@ -27,6 +27,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts
index 4fd6f8682d..33a9c281b3 100644
--- a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts
+++ b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/polls/refresh.ts b/packages/backend/src/server/api/endpoints/notes/polls/refresh.ts
index b96691f894..69e718fc81 100644
--- a/packages/backend/src/server/api/endpoints/notes/polls/refresh.ts
+++ b/packages/backend/src/server/api/endpoints/notes/polls/refresh.ts
@@ -45,6 +45,12 @@ export const meta = {
 			id: '85a5377e-b1e9-4617-b0b9-5bea73331e49',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/polls/vote.ts b/packages/backend/src/server/api/endpoints/notes/polls/vote.ts
index f33f49075b..a5014a490f 100644
--- a/packages/backend/src/server/api/endpoints/notes/polls/vote.ts
+++ b/packages/backend/src/server/api/endpoints/notes/polls/vote.ts
@@ -63,6 +63,12 @@ export const meta = {
 			id: '85a5377e-b1e9-4617-b0b9-5bea73331e49',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/reactions.ts b/packages/backend/src/server/api/endpoints/notes/reactions.ts
index 7e334df93e..e683cc87bd 100644
--- a/packages/backend/src/server/api/endpoints/notes/reactions.ts
+++ b/packages/backend/src/server/api/endpoints/notes/reactions.ts
@@ -37,6 +37,12 @@ export const meta = {
 			id: '263fff3d-d0e1-4af4-bea7-8408059b451a',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/reactions/create.ts b/packages/backend/src/server/api/endpoints/notes/reactions/create.ts
index 0f0dcca605..559ca43eae 100644
--- a/packages/backend/src/server/api/endpoints/notes/reactions/create.ts
+++ b/packages/backend/src/server/api/endpoints/notes/reactions/create.ts
@@ -43,6 +43,12 @@ export const meta = {
 			id: 'eaccdc08-ddef-43fe-908f-d108faad57f5',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/renotes.ts b/packages/backend/src/server/api/endpoints/notes/renotes.ts
index a88c286f64..15f114266a 100644
--- a/packages/backend/src/server/api/endpoints/notes/renotes.ts
+++ b/packages/backend/src/server/api/endpoints/notes/renotes.ts
@@ -34,6 +34,13 @@ export const meta = {
 			id: '12908022-2e21-46cd-ba6a-3edaf6093f46',
 		},
 	},
+
+	// 100 calls per 10 seconds.
+	// This is high because the frontend calls this in a tight loop while loading timelines.
+	limit: {
+		duration: 1000 * 10,
+		max: 100,
+	},
 } as const;
 
 export const paramDef = {
@@ -72,7 +79,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				.leftJoinAndSelect('note.renote', 'renote')
 				.leftJoinAndSelect('reply.user', 'replyUser')
 				.leftJoinAndSelect('renote.user', 'renoteUser');
-			
+
 			if (ps.userId) {
 				query.andWhere("user.id = :userId", { userId: ps.userId });
 			}
diff --git a/packages/backend/src/server/api/endpoints/notes/replies.ts b/packages/backend/src/server/api/endpoints/notes/replies.ts
index 5f32332a6a..3f0a8157c4 100644
--- a/packages/backend/src/server/api/endpoints/notes/replies.ts
+++ b/packages/backend/src/server/api/endpoints/notes/replies.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
index 2b4885a194..227ac0ebbf 100644
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@@ -27,6 +27,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/search.ts b/packages/backend/src/server/api/endpoints/notes/search.ts
index e140436d6b..eca55cd085 100644
--- a/packages/backend/src/server/api/endpoints/notes/search.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '0b44998d-77aa-4427-80d0-d2c9b8523011',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/show.ts b/packages/backend/src/server/api/endpoints/notes/show.ts
index f82ba5473d..49c51cb33c 100644
--- a/packages/backend/src/server/api/endpoints/notes/show.ts
+++ b/packages/backend/src/server/api/endpoints/notes/show.ts
@@ -29,6 +29,12 @@ export const meta = {
 			id: '24fcbfc6-2e37-42b6-8388-c29b3861a08d',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
@@ -44,7 +50,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.notesRepository)
 		private notesRepository: NotesRepository,
-		
+
 		private noteEntityService: NoteEntityService,
 		private queryService: QueryService,
 	) {
@@ -56,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (me) {
 				this.queryService.generateBlockedUserQuery(query, me);
 			}
-			
+
 			const note = await query.getOne();
 
 			if (note === null) {
diff --git a/packages/backend/src/server/api/endpoints/notes/state.ts b/packages/backend/src/server/api/endpoints/notes/state.ts
index 4c1eb86542..448e704528 100644
--- a/packages/backend/src/server/api/endpoints/notes/state.ts
+++ b/packages/backend/src/server/api/endpoints/notes/state.ts
@@ -28,6 +28,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per second
+	limit: {
+		duration: 1000,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/thread-muting/delete.ts b/packages/backend/src/server/api/endpoints/notes/thread-muting/delete.ts
index d94d6cd652..50ce4fb89a 100644
--- a/packages/backend/src/server/api/endpoints/notes/thread-muting/delete.ts
+++ b/packages/backend/src/server/api/endpoints/notes/thread-muting/delete.ts
@@ -24,6 +24,12 @@ export const meta = {
 			id: 'bddd57ac-ceb3-b29d-4334-86ea5fae481a',
 		},
 	},
+
+	// 10 calls per hour (match create)
+	limit: {
+		duration: 1000 * 60 * 60,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/timeline.ts b/packages/backend/src/server/api/endpoints/notes/timeline.ts
index d40a04c1b1..5a46f66f9e 100644
--- a/packages/backend/src/server/api/endpoints/notes/timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/timeline.ts
@@ -32,6 +32,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/translate.ts b/packages/backend/src/server/api/endpoints/notes/translate.ts
index 234248db5c..61a511510c 100644
--- a/packages/backend/src/server/api/endpoints/notes/translate.ts
+++ b/packages/backend/src/server/api/endpoints/notes/translate.ts
@@ -46,6 +46,12 @@ export const meta = {
 			id: 'ea29f2ca-c368-43b3-aaf1-5ac3e74bbe5d',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts
index 87f9b322a6..55cda135e2 100644
--- a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts
@@ -39,6 +39,12 @@ export const meta = {
 			id: '8fb1fbd5-e476-4c37-9fb0-43d55b63a2ff',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notes/versions.ts b/packages/backend/src/server/api/endpoints/notes/versions.ts
index 2b774ae2b0..343417f0e2 100644
--- a/packages/backend/src/server/api/endpoints/notes/versions.ts
+++ b/packages/backend/src/server/api/endpoints/notes/versions.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: '24fcbfc6-2e37-42b6-8388-c29b3861a08d',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
@@ -43,7 +49,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.notesRepository)
 		private notesRepository: NotesRepository,
-		
+
 		private getterService: GetterService,
 		private queryService: QueryService,
 	) {
@@ -53,7 +59,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				.where('note.id = :noteId', { noteId: ps.noteId });
 
 			this.queryService.generateVisibilityQuery(query, me);
-			
+
 			const note = await query.getOne();
 
 			if (note === null) {
diff --git a/packages/backend/src/server/api/endpoints/notifications/flush.ts b/packages/backend/src/server/api/endpoints/notifications/flush.ts
index 47c0642fd1..ab78435b89 100644
--- a/packages/backend/src/server/api/endpoints/notifications/flush.ts
+++ b/packages/backend/src/server/api/endpoints/notifications/flush.ts
@@ -13,6 +13,12 @@ export const meta = {
 	requireCredential: true,
 
 	kind: 'write:notifications',
+
+	// 2 calls per 10 seconds
+	limit: {
+		duration: 1000 * 10,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/notifications/mark-all-as-read.ts b/packages/backend/src/server/api/endpoints/notifications/mark-all-as-read.ts
index 6565125c00..bc83f8d794 100644
--- a/packages/backend/src/server/api/endpoints/notifications/mark-all-as-read.ts
+++ b/packages/backend/src/server/api/endpoints/notifications/mark-all-as-read.ts
@@ -13,6 +13,12 @@ export const meta = {
 	requireCredential: true,
 
 	kind: 'write:notifications',
+
+	// 2 calls per 10 seconds
+	limit: {
+		duration: 1000 * 10,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/page-push.ts b/packages/backend/src/server/api/endpoints/page-push.ts
index ce454ab24a..61f9862734 100644
--- a/packages/backend/src/server/api/endpoints/page-push.ts
+++ b/packages/backend/src/server/api/endpoints/page-push.ts
@@ -22,6 +22,12 @@ export const meta = {
 			id: '4a13ad31-6729-46b4-b9af-e86b265c2e74',
 		},
 	},
+
+	// 120 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 120,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pages/delete.ts b/packages/backend/src/server/api/endpoints/pages/delete.ts
index f2bc946788..c2c3215f49 100644
--- a/packages/backend/src/server/api/endpoints/pages/delete.ts
+++ b/packages/backend/src/server/api/endpoints/pages/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['pages'],
@@ -31,6 +32,12 @@ export const meta = {
 			id: '8b741b3e-2c22-44b3-a15f-29949aa1601e',
 		},
 	},
+
+	// 300 calls per hour (match update)
+	limit: {
+		duration: ms('1hour'),
+		max: 300,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pages/featured.ts b/packages/backend/src/server/api/endpoints/pages/featured.ts
index a47b69e56e..1886e7be28 100644
--- a/packages/backend/src/server/api/endpoints/pages/featured.ts
+++ b/packages/backend/src/server/api/endpoints/pages/featured.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Page',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pages/like.ts b/packages/backend/src/server/api/endpoints/pages/like.ts
index 11eed693ad..b92faec5e2 100644
--- a/packages/backend/src/server/api/endpoints/pages/like.ts
+++ b/packages/backend/src/server/api/endpoints/pages/like.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: 'd4c1edbe-7da2-4eae-8714-1acfd2d63941',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pages/show.ts b/packages/backend/src/server/api/endpoints/pages/show.ts
index e08b832a3f..b763a471fa 100644
--- a/packages/backend/src/server/api/endpoints/pages/show.ts
+++ b/packages/backend/src/server/api/endpoints/pages/show.ts
@@ -30,6 +30,12 @@ export const meta = {
 			id: '222120c0-3ead-4528-811b-b96f233388d7',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pages/unlike.ts b/packages/backend/src/server/api/endpoints/pages/unlike.ts
index 70c965e0ad..727535bb4e 100644
--- a/packages/backend/src/server/api/endpoints/pages/unlike.ts
+++ b/packages/backend/src/server/api/endpoints/pages/unlike.ts
@@ -31,6 +31,12 @@ export const meta = {
 			id: 'f5e586b0-ce93-4050-b0e3-7f31af5259ee',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/ping.ts b/packages/backend/src/server/api/endpoints/ping.ts
index e218a8f755..ed6f5207a0 100644
--- a/packages/backend/src/server/api/endpoints/ping.ts
+++ b/packages/backend/src/server/api/endpoints/ping.ts
@@ -21,6 +21,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/pinned-users.ts b/packages/backend/src/server/api/endpoints/pinned-users.ts
index 5b0b656c63..2e89d81404 100644
--- a/packages/backend/src/server/api/endpoints/pinned-users.ts
+++ b/packages/backend/src/server/api/endpoints/pinned-users.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'UserDetailed',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/promo/read.ts b/packages/backend/src/server/api/endpoints/promo/read.ts
index 9f7d078014..2c31291243 100644
--- a/packages/backend/src/server/api/endpoints/promo/read.ts
+++ b/packages/backend/src/server/api/endpoints/promo/read.ts
@@ -24,6 +24,12 @@ export const meta = {
 			id: 'd785b897-fcd3-4fe9-8fc3-b85c26e6c932',
 		},
 	},
+
+	// 10 calls per 2 seconds
+	limit: {
+		duration: 1000 * 2,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/renote-mute/delete.ts b/packages/backend/src/server/api/endpoints/renote-mute/delete.ts
index 1a584b8404..074fcbb56c 100644
--- a/packages/backend/src/server/api/endpoints/renote-mute/delete.ts
+++ b/packages/backend/src/server/api/endpoints/renote-mute/delete.ts
@@ -37,6 +37,12 @@ export const meta = {
 			id: '2e4ef874-8bf0-4b4b-b069-4598f6d05817',
 		},
 	},
+
+	// 20 calls per hour (match create)
+	limit: {
+		duration: 1000 * 60 * 60,
+		max: 20,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/renote-mute/list.ts b/packages/backend/src/server/api/endpoints/renote-mute/list.ts
index 3be01f989a..aabee237f4 100644
--- a/packages/backend/src/server/api/endpoints/renote-mute/list.ts
+++ b/packages/backend/src/server/api/endpoints/renote-mute/list.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'RenoteMuting',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reset-db.ts b/packages/backend/src/server/api/endpoints/reset-db.ts
index 67d5fabd86..bf40e1e3e0 100644
--- a/packages/backend/src/server/api/endpoints/reset-db.ts
+++ b/packages/backend/src/server/api/endpoints/reset-db.ts
@@ -20,6 +20,12 @@ export const meta = {
 	errors: {
 
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reset-password.ts b/packages/backend/src/server/api/endpoints/reset-password.ts
index 1639b57bc5..d9240dec5e 100644
--- a/packages/backend/src/server/api/endpoints/reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/reset-password.ts
@@ -21,6 +21,12 @@ export const meta = {
 	errors: {
 
 	},
+
+	// 2 calls per 30 minutes
+	limit: {
+		duration: 1000 * 60 * 30,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/retention.ts b/packages/backend/src/server/api/endpoints/retention.ts
index 4695f32042..0215af1e89 100644
--- a/packages/backend/src/server/api/endpoints/retention.ts
+++ b/packages/backend/src/server/api/endpoints/retention.ts
@@ -44,6 +44,12 @@ export const meta = {
 
 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/cancel-match.ts b/packages/backend/src/server/api/endpoints/reversi/cancel-match.ts
index dd6f273e01..90e7371f91 100644
--- a/packages/backend/src/server/api/endpoints/reversi/cancel-match.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/cancel-match.ts
@@ -14,6 +14,12 @@ export const meta = {
 
 	errors: {
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/games.ts b/packages/backend/src/server/api/endpoints/reversi/games.ts
index 6b06068727..2cbdc26f63 100644
--- a/packages/backend/src/server/api/endpoints/reversi/games.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/games.ts
@@ -19,6 +19,12 @@ export const meta = {
 		optional: false, nullable: false,
 		items: { ref: 'ReversiGameLite' },
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/invitations.ts b/packages/backend/src/server/api/endpoints/reversi/invitations.ts
index 5b3b9da75b..b5abad73e2 100644
--- a/packages/backend/src/server/api/endpoints/reversi/invitations.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/invitations.ts
@@ -19,6 +19,12 @@ export const meta = {
 		optional: false, nullable: false,
 		items: { ref: 'UserLite' },
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/match.ts b/packages/backend/src/server/api/endpoints/reversi/match.ts
index aa8b8a7d72..7dd82182fa 100644
--- a/packages/backend/src/server/api/endpoints/reversi/match.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/match.ts
@@ -34,6 +34,12 @@ export const meta = {
 		optional: true,
 		ref: 'ReversiGameDetailed',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/show-game.ts b/packages/backend/src/server/api/endpoints/reversi/show-game.ts
index fc3b96eb51..11931d9d3d 100644
--- a/packages/backend/src/server/api/endpoints/reversi/show-game.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/show-game.ts
@@ -25,6 +25,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'ReversiGameDetailed',
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/surrender.ts b/packages/backend/src/server/api/endpoints/reversi/surrender.ts
index 75e5372862..2b6af532e5 100644
--- a/packages/backend/src/server/api/endpoints/reversi/surrender.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/surrender.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '6e04164b-a992-4c93-8489-2123069973e1',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/reversi/verify.ts b/packages/backend/src/server/api/endpoints/reversi/verify.ts
index 981735a3d7..2f43c91d77 100644
--- a/packages/backend/src/server/api/endpoints/reversi/verify.ts
+++ b/packages/backend/src/server/api/endpoints/reversi/verify.ts
@@ -30,6 +30,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/roles/list.ts b/packages/backend/src/server/api/endpoints/roles/list.ts
index b087aa242b..44dbe97b1d 100644
--- a/packages/backend/src/server/api/endpoints/roles/list.ts
+++ b/packages/backend/src/server/api/endpoints/roles/list.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'Role',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/roles/notes.ts b/packages/backend/src/server/api/endpoints/roles/notes.ts
index 71f2782a5d..b3c73e0391 100644
--- a/packages/backend/src/server/api/endpoints/roles/notes.ts
+++ b/packages/backend/src/server/api/endpoints/roles/notes.ts
@@ -37,6 +37,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/roles/show.ts b/packages/backend/src/server/api/endpoints/roles/show.ts
index 38477c5e8e..dd9f9481d4 100644
--- a/packages/backend/src/server/api/endpoints/roles/show.ts
+++ b/packages/backend/src/server/api/endpoints/roles/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Role',
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/roles/users.ts b/packages/backend/src/server/api/endpoints/roles/users.ts
index 48d350af59..774a6f889b 100644
--- a/packages/backend/src/server/api/endpoints/roles/users.ts
+++ b/packages/backend/src/server/api/endpoints/roles/users.ts
@@ -43,6 +43,12 @@ export const meta = {
 			required: ['id', 'user'],
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/server-info.ts b/packages/backend/src/server/api/endpoints/server-info.ts
index 8301c85f2e..e765163f8e 100644
--- a/packages/backend/src/server/api/endpoints/server-info.ts
+++ b/packages/backend/src/server/api/endpoints/server-info.ts
@@ -63,6 +63,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/sponsors.ts b/packages/backend/src/server/api/endpoints/sponsors.ts
index 2a8a461a8f..401d9292bc 100644
--- a/packages/backend/src/server/api/endpoints/sponsors.ts
+++ b/packages/backend/src/server/api/endpoints/sponsors.ts
@@ -13,6 +13,12 @@ export const meta = {
 
 	requireCredential: false,
 	requireCredentialPrivateMode: false,
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/stats.ts b/packages/backend/src/server/api/endpoints/stats.ts
index 1e6983177f..907dddb9d3 100644
--- a/packages/backend/src/server/api/endpoints/stats.ts
+++ b/packages/backend/src/server/api/endpoints/stats.ts
@@ -49,6 +49,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 3 call per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/sw/register.ts b/packages/backend/src/server/api/endpoints/sw/register.ts
index fd76df2d3c..f447b5598b 100644
--- a/packages/backend/src/server/api/endpoints/sw/register.ts
+++ b/packages/backend/src/server/api/endpoints/sw/register.ts
@@ -45,6 +45,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/sw/show-registration.ts b/packages/backend/src/server/api/endpoints/sw/show-registration.ts
index 797e4fd34d..c8783cded8 100644
--- a/packages/backend/src/server/api/endpoints/sw/show-registration.ts
+++ b/packages/backend/src/server/api/endpoints/sw/show-registration.ts
@@ -34,6 +34,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/sw/unregister.ts b/packages/backend/src/server/api/endpoints/sw/unregister.ts
index 2edf7fab1b..aa7e03dceb 100644
--- a/packages/backend/src/server/api/endpoints/sw/unregister.ts
+++ b/packages/backend/src/server/api/endpoints/sw/unregister.ts
@@ -15,6 +15,12 @@ export const meta = {
 	requireCredential: false,
 
 	description: 'Unregister from receiving push notifications.',
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/sw/update-registration.ts b/packages/backend/src/server/api/endpoints/sw/update-registration.ts
index 839a07c770..78b9323b7b 100644
--- a/packages/backend/src/server/api/endpoints/sw/update-registration.ts
+++ b/packages/backend/src/server/api/endpoints/sw/update-registration.ts
@@ -43,6 +43,12 @@ export const meta = {
 			id: ' b09d8066-8064-5613-efb6-0e963b21d012',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/test.ts b/packages/backend/src/server/api/endpoints/test.ts
index 9231f0ab94..e9ae9df2cc 100644
--- a/packages/backend/src/server/api/endpoints/test.ts
+++ b/packages/backend/src/server/api/endpoints/test.ts
@@ -40,6 +40,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/username/available.ts b/packages/backend/src/server/api/endpoints/username/available.ts
index 4944be9b05..ae7902f912 100644
--- a/packages/backend/src/server/api/endpoints/username/available.ts
+++ b/packages/backend/src/server/api/endpoints/username/available.ts
@@ -25,6 +25,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users.ts b/packages/backend/src/server/api/endpoints/users.ts
index e845853017..089d346cd2 100644
--- a/packages/backend/src/server/api/endpoints/users.ts
+++ b/packages/backend/src/server/api/endpoints/users.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'UserDetailed',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/achievements.ts b/packages/backend/src/server/api/endpoints/users/achievements.ts
index f7139b3684..6c0811d3f0 100644
--- a/packages/backend/src/server/api/endpoints/users/achievements.ts
+++ b/packages/backend/src/server/api/endpoints/users/achievements.ts
@@ -25,6 +25,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/clips.ts b/packages/backend/src/server/api/endpoints/users/clips.ts
index 7f7d2ea8cc..a457a6c434 100644
--- a/packages/backend/src/server/api/endpoints/users/clips.ts
+++ b/packages/backend/src/server/api/endpoints/users/clips.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'Clip',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/featured-notes.ts b/packages/backend/src/server/api/endpoints/users/featured-notes.ts
index e01f19ba7a..e6acae08b1 100644
--- a/packages/backend/src/server/api/endpoints/users/featured-notes.ts
+++ b/packages/backend/src/server/api/endpoints/users/featured-notes.ts
@@ -28,6 +28,12 @@ export const meta = {
 			ref: 'Note',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/flashs.ts b/packages/backend/src/server/api/endpoints/users/flashs.ts
index e5ea450215..2da46e8747 100644
--- a/packages/backend/src/server/api/endpoints/users/flashs.ts
+++ b/packages/backend/src/server/api/endpoints/users/flashs.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'Flash',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/followers.ts b/packages/backend/src/server/api/endpoints/users/followers.ts
index a8b4319a61..c1617e14e5 100644
--- a/packages/backend/src/server/api/endpoints/users/followers.ts
+++ b/packages/backend/src/server/api/endpoints/users/followers.ts
@@ -44,6 +44,12 @@ export const meta = {
 			id: '3c6a84db-d619-26af-ca14-06232a21df8a',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/following.ts b/packages/backend/src/server/api/endpoints/users/following.ts
index feda5bb353..c292c6d6a3 100644
--- a/packages/backend/src/server/api/endpoints/users/following.ts
+++ b/packages/backend/src/server/api/endpoints/users/following.ts
@@ -51,6 +51,12 @@ export const meta = {
 			id: 'a2b007b9-4782-4eba-abd3-93b05ed4130d',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/gallery/posts.ts b/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
index 553886374c..931685e32a 100644
--- a/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
+++ b/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts b/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
index 9248a2fa68..99568cfa12 100644
--- a/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
+++ b/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
@@ -47,6 +47,12 @@ export const meta = {
 			id: 'e6965129-7b2a-40a4-bae2-cd84cd434822',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
index 7e44d501ab..2be3197d88 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
@@ -60,6 +60,12 @@ export const meta = {
 			id: '1845ea77-38d1-426e-8e4e-8b83b24f5bd7',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/create.ts b/packages/backend/src/server/api/endpoints/users/lists/create.ts
index 7daf05ba4e..c3ea392e89 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/create.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/create.ts
@@ -37,6 +37,12 @@ export const meta = {
 			id: '0cf21a28-7715-4f39-a20d-777bfdb8d138',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/delete.ts b/packages/backend/src/server/api/endpoints/users/lists/delete.ts
index dc0d28a0eb..941ce77877 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/delete.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/delete.ts
@@ -25,6 +25,12 @@ export const meta = {
 			id: '78436795-db79-42f5-b1e2-55ea2cf19166',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
index fd142d5a01..fa898b0dc7 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '6425bba0-985b-461e-af1b-518070e72081',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts b/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
index 6d6e8d34ea..18373fdf07 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
@@ -54,6 +54,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/list.ts b/packages/backend/src/server/api/endpoints/users/lists/list.ts
index 4241ef1cd0..7f17863a63 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/list.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/list.ts
@@ -45,6 +45,12 @@ export const meta = {
 			id: 'ab36de0e-29e9-48cb-9732-d82f1281620d',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/pull.ts b/packages/backend/src/server/api/endpoints/users/lists/pull.ts
index 94f06f3bea..1eb4d4ef42 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/pull.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/pull.ts
@@ -35,6 +35,12 @@ export const meta = {
 			id: '588e7f72-c744-4a61-b180-d354e912bda2',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/push.ts b/packages/backend/src/server/api/endpoints/users/lists/push.ts
index c717b3959c..4ba0fea314 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/push.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/push.ts
@@ -59,6 +59,12 @@ export const meta = {
 			id: '2dd9752e-a338-413d-8eec-41814430989b',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/show.ts b/packages/backend/src/server/api/endpoints/users/lists/show.ts
index 8756801fe4..c7f4128b56 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/show.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '7bc05c21-1d7a-41ae-88f1-66820f4dc686',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
index 3f4bd5af8c..4d38f7d0a7 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
@@ -25,6 +25,12 @@ export const meta = {
 			id: '835c4b27-463d-4cfa-969b-a9058678d465',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts b/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
index 3948ae1685..0539fadd35 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
@@ -33,6 +33,12 @@ export const meta = {
 			id: '588e7f72-c744-4a61-b180-d354e912bda2',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/update.ts b/packages/backend/src/server/api/endpoints/users/lists/update.ts
index a38f84d7b0..ad2f8c02e0 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/update.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/update.ts
@@ -32,6 +32,12 @@ export const meta = {
 			id: '796666fe-3dff-4d39-becb-8a5932c1d5b7',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/notes.ts b/packages/backend/src/server/api/endpoints/users/notes.ts
index 263d062961..92d8032fa6 100644
--- a/packages/backend/src/server/api/endpoints/users/notes.ts
+++ b/packages/backend/src/server/api/endpoints/users/notes.ts
@@ -44,6 +44,12 @@ export const meta = {
 			id: '91c8cb9f-36ed-46e7-9ca2-7df96ed6e222',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/pages.ts b/packages/backend/src/server/api/endpoints/users/pages.ts
index bb7de0e0b5..3cb958066e 100644
--- a/packages/backend/src/server/api/endpoints/users/pages.ts
+++ b/packages/backend/src/server/api/endpoints/users/pages.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'Page',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts
index 7805ae3288..49c1190197 100644
--- a/packages/backend/src/server/api/endpoints/users/reactions.ts
+++ b/packages/backend/src/server/api/endpoints/users/reactions.ts
@@ -44,6 +44,12 @@ export const meta = {
 			id: '6b95fa98-8cf9-2350-e284-f0ffdb54a805',
 		},
 	},
+
+	// 5 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/recommendation.ts b/packages/backend/src/server/api/endpoints/users/recommendation.ts
index 5b3b4527f7..46af1f38ac 100644
--- a/packages/backend/src/server/api/endpoints/users/recommendation.ts
+++ b/packages/backend/src/server/api/endpoints/users/recommendation.ts
@@ -29,6 +29,12 @@ export const meta = {
 			ref: 'UserDetailed',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/relation.ts b/packages/backend/src/server/api/endpoints/users/relation.ts
index 1d75437b81..e659c46713 100644
--- a/packages/backend/src/server/api/endpoints/users/relation.ts
+++ b/packages/backend/src/server/api/endpoints/users/relation.ts
@@ -108,6 +108,12 @@ export const meta = {
 			},
 		],
 	},
+
+	// 10 calls per 2 seconds
+	limit: {
+		duration: 1000 * 2,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/report-abuse.ts b/packages/backend/src/server/api/endpoints/users/report-abuse.ts
index 5ff6de37d2..f811020645 100644
--- a/packages/backend/src/server/api/endpoints/users/report-abuse.ts
+++ b/packages/backend/src/server/api/endpoints/users/report-abuse.ts
@@ -37,6 +37,12 @@ export const meta = {
 			id: '35e166f5-05fb-4f87-a2d5-adb42676d48f',
 		},
 	},
+
+	// 10 calls per minute
+	limit: {
+		duration: 1000 * 60,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts b/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
index 8ff952dcb5..fda56ea6fe 100644
--- a/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
+++ b/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'User',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/search.ts b/packages/backend/src/server/api/endpoints/users/search.ts
index 0b0136066d..2d17c91e1d 100644
--- a/packages/backend/src/server/api/endpoints/users/search.ts
+++ b/packages/backend/src/server/api/endpoints/users/search.ts
@@ -28,6 +28,12 @@ export const meta = {
 			ref: 'User',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/show.ts b/packages/backend/src/server/api/endpoints/users/show.ts
index 062326e28d..7ebca78a7d 100644
--- a/packages/backend/src/server/api/endpoints/users/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/show.ts
@@ -56,6 +56,12 @@ export const meta = {
 			httpStatusCode: 404,
 		},
 	},
+
+	// 5 calls per 2 seconds
+	limit: {
+		duration: 1000 * 2,
+		max: 5,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/update-memo.ts b/packages/backend/src/server/api/endpoints/users/update-memo.ts
index 5a10de0c40..35369a04e8 100644
--- a/packages/backend/src/server/api/endpoints/users/update-memo.ts
+++ b/packages/backend/src/server/api/endpoints/users/update-memo.ts
@@ -25,6 +25,12 @@ export const meta = {
 			id: '6fef56f3-e765-4957-88e5-c6f65329b8a5',
 		},
 	},
+
+	// 10 calls per second
+	limit: {
+		duration: 1000,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts
index e275e4b475..309a41645a 100644
--- a/packages/misskey-js/src/autogen/types.ts
+++ b/packages/misskey-js/src/autogen/types.ts
@@ -11042,6 +11042,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11096,6 +11102,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11161,6 +11173,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11213,6 +11231,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11259,6 +11283,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11321,6 +11351,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11375,6 +11411,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11442,6 +11484,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11624,6 +11672,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11678,6 +11732,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11730,6 +11790,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11787,6 +11853,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11845,6 +11917,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -11902,6 +11980,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12080,6 +12164,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12191,6 +12281,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12243,6 +12339,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12301,6 +12403,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12359,6 +12467,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12413,6 +12527,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12484,6 +12604,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12536,6 +12662,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12599,6 +12731,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12651,6 +12789,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12703,6 +12847,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12749,6 +12899,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12813,6 +12969,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12881,6 +13043,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -12943,6 +13111,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13014,6 +13188,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13081,6 +13261,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13179,6 +13365,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13260,6 +13452,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13327,6 +13525,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13412,6 +13616,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13482,6 +13692,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13551,6 +13767,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13618,6 +13840,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13687,6 +13915,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13801,6 +14035,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13857,6 +14097,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13909,6 +14155,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -13955,8 +14207,14 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
-      /** @description Internal server error */
-      500: {
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
+      /** @description Internal server error */
+      500: {
         content: {
           'application/json': components['schemas']['Error'];
         };
@@ -14015,6 +14273,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14069,6 +14333,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14126,6 +14396,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14178,6 +14454,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14230,6 +14512,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14276,6 +14564,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14325,6 +14619,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14393,6 +14693,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14453,6 +14759,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14506,6 +14818,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14634,6 +14952,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14687,6 +15011,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14745,6 +15075,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14800,6 +15136,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14859,6 +15201,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -14994,6 +15342,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15108,6 +15462,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15166,6 +15526,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15220,6 +15586,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15277,6 +15649,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15336,6 +15714,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15392,6 +15776,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15454,6 +15844,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15500,6 +15896,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15614,6 +16016,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15677,6 +16085,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15746,6 +16160,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15803,6 +16223,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15855,6 +16281,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15914,6 +16346,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -15973,6 +16411,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16328,6 +16772,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16382,6 +16832,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16445,6 +16901,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16508,6 +16970,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16560,6 +17028,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16616,6 +17090,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16662,6 +17142,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16720,6 +17206,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16835,6 +17327,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16887,6 +17385,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -16941,8 +17445,14 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
-      /** @description Internal server error */
-      500: {
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
+      /** @description Internal server error */
+      500: {
         content: {
           'application/json': components['schemas']['Error'];
         };
@@ -16993,6 +17503,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17106,6 +17622,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17162,6 +17684,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17224,6 +17752,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17281,6 +17815,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17334,6 +17874,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17384,6 +17930,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17451,6 +18003,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17497,6 +18055,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17553,6 +18117,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17671,6 +18241,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -17886,6 +18462,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18069,6 +18651,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18138,6 +18726,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18190,6 +18784,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18836,6 +19436,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18898,6 +19504,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -18956,6 +19568,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19510,6 +20128,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19568,6 +20192,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19622,6 +20252,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19666,6 +20302,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19718,6 +20360,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19831,6 +20479,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19884,6 +20538,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19943,6 +20603,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -19999,6 +20665,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20056,6 +20728,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20111,6 +20789,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20165,6 +20849,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20215,6 +20905,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20270,6 +20966,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20324,6 +21026,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20383,6 +21091,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20437,6 +21151,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20870,6 +21590,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20929,6 +21655,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -20996,6 +21728,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21053,6 +21791,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21105,6 +21849,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21216,6 +21966,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21268,8 +22024,14 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
-      /** @description Internal server error */
-      500: {
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
+      /** @description Internal server error */
+      500: {
         content: {
           'application/json': components['schemas']['Error'];
         };
@@ -21326,6 +22088,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21374,6 +22142,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21428,6 +22202,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21476,6 +22256,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21529,6 +22315,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21589,6 +22381,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21701,6 +22499,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21759,6 +22563,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21869,6 +22679,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21927,6 +22743,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -21983,6 +22805,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22047,6 +22875,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22109,6 +22943,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22163,6 +23003,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22221,6 +23067,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22484,6 +23336,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22542,6 +23400,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22617,6 +23481,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22683,6 +23553,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22749,6 +23625,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22825,6 +23707,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22895,6 +23783,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -22956,6 +23850,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23014,6 +23914,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23067,6 +23973,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23119,6 +24031,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23180,6 +24098,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23233,6 +24157,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23344,6 +24274,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23408,6 +24344,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23468,6 +24410,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23540,6 +24488,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23615,6 +24569,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23669,6 +24629,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23726,6 +24692,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23836,6 +24808,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23910,6 +24888,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -23972,6 +24956,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24109,6 +25099,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24260,6 +25256,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24363,6 +25365,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24407,8 +25415,14 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
-      /** @description Internal server error */
-      500: {
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
+      /** @description Internal server error */
+      500: {
         content: {
           'application/json': components['schemas']['Error'];
         };
@@ -24512,6 +25526,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24643,6 +25663,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24689,6 +25715,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24741,6 +25773,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24797,6 +25835,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -24849,6 +25893,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25042,6 +26092,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25088,6 +26144,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25140,6 +26202,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25194,6 +26262,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25246,6 +26320,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25368,6 +26448,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25430,6 +26516,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25478,6 +26570,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25524,6 +26622,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25576,6 +26680,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25622,6 +26732,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25676,6 +26792,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25740,6 +26862,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25802,6 +26930,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25904,6 +27038,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -25956,6 +27096,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26015,6 +27161,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26069,6 +27221,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26131,6 +27289,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26190,6 +27354,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26255,6 +27425,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26306,6 +27482,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26374,6 +27556,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26429,6 +27617,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26502,6 +27696,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26562,6 +27762,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26625,6 +27831,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26689,6 +27901,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26749,6 +27967,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26808,6 +28032,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26866,6 +28096,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26919,6 +28155,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -26971,6 +28213,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27025,6 +28273,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27079,6 +28333,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27195,6 +28455,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27247,6 +28513,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27299,6 +28571,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27355,6 +28633,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27410,6 +28694,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27465,6 +28755,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27536,6 +28832,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27616,6 +28918,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27676,6 +28984,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27736,6 +29050,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27798,6 +29118,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27854,6 +29180,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27929,6 +29261,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -27982,6 +29320,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28040,6 +29384,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28104,6 +29454,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28162,6 +29518,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28219,6 +29581,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28273,6 +29641,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28373,6 +29747,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28490,6 +29870,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28544,6 +29930,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28663,6 +30055,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28715,6 +30113,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28775,6 +30179,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28837,6 +30247,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28883,6 +30299,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28937,6 +30359,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -28989,6 +30417,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
@@ -29047,6 +30481,12 @@ export type operations = {
           'application/json': components['schemas']['Error'];
         };
       };
+      /** @description To many requests */
+      429: {
+        content: {
+          'application/json': components['schemas']['Error'];
+        };
+      };
       /** @description Internal server error */
       500: {
         content: {
-- 
GitLab


From ebdfb2feb77594271e85a0c479480c21e2bd44c1 Mon Sep 17 00:00:00 2001
From: tess <me@thvxl.se>
Date: Fri, 22 Nov 2024 19:55:50 +0100
Subject: [PATCH 3/8] Comply with type for Packed<'Note'>

---
 packages/backend/src/core/entities/NoteEntityService.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/core/entities/NoteEntityService.ts b/packages/backend/src/core/entities/NoteEntityService.ts
index 985245aeb1..37bca3ff31 100644
--- a/packages/backend/src/core/entities/NoteEntityService.ts
+++ b/packages/backend/src/core/entities/NoteEntityService.ts
@@ -162,8 +162,8 @@ export class NoteEntityService implements OnModuleInit {
 			packedNote.reactionAcceptance = null;
 			packedNote.reactionAndUserPairCache = undefined;
 			packedNote.reactionCount = 0;
-			packedNote.reactionEmojis = undefined;
-			packedNote.reactions = undefined;
+			packedNote.reactionEmojis = {};
+			packedNote.reactions = {};
 			packedNote.isHidden = true;
 		}
 	}
-- 
GitLab


From ab992422a8d52f2a67af988aab5dd5b98a439f7e Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Fri, 22 Nov 2024 22:59:13 +0000
Subject: [PATCH 4/8] bump version

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 76cfbadb23..b3cf3f13a9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "sharkey",
-	"version": "2024.9.3",
+	"version": "2024.9.4",
 	"codename": "shonk",
 	"repository": {
 		"type": "git",
-- 
GitLab


From 8e07eb7f44b948587a4a0436c84ddeeb327740c5 Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Fri, 22 Nov 2024 23:14:37 +0000
Subject: [PATCH 5/8] remove duplicate `limit`

the `users/lists/push` endpoint already has a limit, of 30/hour
---
 .../backend/src/server/api/endpoints/users/lists/push.ts    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/packages/backend/src/server/api/endpoints/users/lists/push.ts b/packages/backend/src/server/api/endpoints/users/lists/push.ts
index 4ba0fea314..c717b3959c 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/push.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/push.ts
@@ -59,12 +59,6 @@ export const meta = {
 			id: '2dd9752e-a338-413d-8eec-41814430989b',
 		},
 	},
-
-	// 5 calls per second
-	limit: {
-		duration: 1000,
-		max: 5,
-	},
 } as const;
 
 export const paramDef = {
-- 
GitLab


From a51fef29c00c6520bc403c3538ad2c4a3ffb1df8 Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Fri, 22 Nov 2024 23:25:07 +0000
Subject: [PATCH 6/8] remove `minInterval` from `FileServerService`

when showing a reply, browser will request the replied-to avatar twice
at the same time, and get confused if one of the requests is refused

something similar seems to happen with videos and their previews
---
 packages/backend/src/server/FileServerService.ts | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/packages/backend/src/server/FileServerService.ts b/packages/backend/src/server/FileServerService.ts
index be196373c4..24ce9fa358 100644
--- a/packages/backend/src/server/FileServerService.ts
+++ b/packages/backend/src/server/FileServerService.ts
@@ -629,9 +629,6 @@ export class FileServerService {
 			// Maximum of 10 requests / 10 minutes
 			max: 10,
 			duration: 1000 * 60 * 10,
-
-			// Minimum of 250 ms between each request
-			minInterval: 250,
 		};
 
 		// Rate limit proxy requests
-- 
GitLab


From a47590e64cd36c238d25517b640fd06197062867 Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Mon, 25 Nov 2024 13:03:16 -0500
Subject: [PATCH 7/8] add shared (cross-resource) rate limit for proxy

---
 .../backend/src/server/FileServerService.ts   | 35 +++++++++++++++----
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/packages/backend/src/server/FileServerService.ts b/packages/backend/src/server/FileServerService.ts
index 24ce9fa358..a4d0588fbe 100644
--- a/packages/backend/src/server/FileServerService.ts
+++ b/packages/backend/src/server/FileServerService.ts
@@ -31,6 +31,7 @@ import { handleRequestRedirectToOmitSearch } from '@/misc/fastify-hook-handlers.
 import { RateLimiterService } from '@/server/api/RateLimiterService.js';
 import { getIpHash } from '@/misc/get-ip-hash.js';
 import { AuthenticateService } from '@/server/api/AuthenticateService.js';
+import type { IEndpointMeta } from '@/server/api/endpoints.js';
 import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions } from 'fastify';
 import type Limiter from 'ratelimiter';
 
@@ -82,7 +83,7 @@ export class FileServerService {
 			});
 
 			fastify.get<{ Params: { key: string; } }>('/files/:key', async (request, reply) => {
-				if (!await this.checkRateLimit(request, reply, `/files/${request.params.key}`)) return;
+				if (!await this.checkRateLimit(request, reply, '/files/', request.params.key)) return;
 
 				return await this.sendDriveFile(request, reply)
 					.catch(err => this.errorHandler(request, reply, err));
@@ -109,7 +110,7 @@ export class FileServerService {
 			keyUrl.username = '';
 			keyUrl.password = '';
 
-			if (!await this.checkRateLimit(request, reply, `/proxy/${keyUrl}`)) return;
+			if (!await this.checkRateLimit(request, reply, '/proxy/', keyUrl.href)) return;
 
 			return await this.proxyHandler(request, reply)
 				.catch(err => this.errorHandler(request, reply, err));
@@ -603,7 +604,8 @@ export class FileServerService {
 			Params?: Record<string, unknown> | unknown,
 		}>,
 		reply: FastifyReply,
-		rateLimitKey: string,
+		group: string,
+		resource: string,
 	): Promise<boolean> {
 		const body = request.method === 'GET'
 			? request.query
@@ -622,29 +624,48 @@ export class FileServerService {
 		const [user] = await this.authenticateService.authenticate(token);
 		const actor = user?.id ?? getIpHash(request.ip);
 
+		// Call both limits: the per-resource limit and the shared cross-resource limit
+		return await this.checkResourceLimit(reply, actor, group, resource) && await this.checkSharedLimit(reply, actor, group);
+	}
+
+	private async checkResourceLimit(reply: FastifyReply, actor: string, group: string, resource: string): Promise<boolean> {
 		const limit = {
 			// Group by resource
-			key: rateLimitKey,
+			key: `${group}${resource}`,
 
 			// Maximum of 10 requests / 10 minutes
 			max: 10,
 			duration: 1000 * 60 * 10,
 		};
 
-		// Rate limit proxy requests
+		return await this.checkLimit(reply, actor, limit);
+	}
+
+	private async checkSharedLimit(reply: FastifyReply, actor: string, group: string): Promise<boolean> {
+		const limit = {
+			key: group,
+
+			// Maximum of 3600 requests per hour, which is an average of 1 per second.
+			max: 3600,
+			duration: 1000 * 60 * 60,
+		};
+
+		return await this.checkLimit(reply, actor, limit);
+	}
+
+	private async checkLimit(reply: FastifyReply, actor: string, limit: IEndpointMeta['limit'] & { key: NonNullable<string> }): Promise<boolean> {
 		try {
 			await this.rateLimiterService.limit(limit, actor);
 			return true;
 		} catch (err) {
 			// errはLimiter.LimiterInfoであることが期待される
-			reply.code(429);
-
 			if (hasRateLimitInfo(err)) {
 				const cooldownInSeconds = Math.ceil((err.info.resetMs - Date.now()) / 1000);
 				// もしかするとマイナスになる可能性がなくはないのでマイナスだったら0にしておく
 				reply.header('Retry-After', Math.max(cooldownInSeconds, 0).toString(10));
 			}
 
+			reply.code(429);
 			reply.send({
 				message: 'Rate limit exceeded. Please try again later.',
 				code: 'RATE_LIMIT_EXCEEDED',
-- 
GitLab


From 22bb09c6ed9f0124baae92f20229c6a0902a21f1 Mon Sep 17 00:00:00 2001
From: Julia Johannesen <julia@insertdomain.name>
Date: Thu, 28 Nov 2024 01:09:05 -0500
Subject: [PATCH 8/8] Bump develop version

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index b3cf3f13a9..6e84882440 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "sharkey",
-	"version": "2024.9.4",
+	"version": "2024.10.0-dev",
 	"codename": "shonk",
 	"repository": {
 		"type": "git",
-- 
GitLab