API security – Automated Hacks

Rate Limiting Is Older Than “APIs”: How the 1990–1994 Web Learned to Say “Slow Down” (Chapter 21)

In the Web’s earliest years (1990–1994), “APIs” weren’t yet a mainstream product—but HTTP endpoints already needed protection. This chapter traces how rate limiting quietly became a security and business tool as early servers faced scarce resources, buggy clients, and the first automated traffic.

Chapter 18 (1990–1994): The Web Is Born, HTTP Gets Practical, and the Earliest Clues of Delegated Authorization

Before OAuth 1.0 existed, the early Web (1990–1994) made key decisions—stateless HTTP, Basic Auth, CGI, and cookies—that eventually demanded delegated authorization for APIs.