What have others done to prevent someone (or a bot) from using your account’s APIs constantly, resulting in potentially very expensive bills? Is there already a configurable time-based call limit on the FlightXML side? I am trying to figure out a way to prevent this scenario but still allow legitimate API calls to go through.
Your server backend should be designed to be able to cache requests that are common between users and reuse a recent, previously issued FlightXML request. Your backend should simultaneously be enforcing what ever rate limiting goals or cumulative request totals that you want.