Unrestricted Resource Consumption

one request, thousands of actions. Rate-limit bypass via header rotation, ?limit=1000000 melting the DB, bulk endpoints fanning out to provider APIs, the /export firehose, leading-wildcard search, and billable LLM/SMS abuse. How an API ends up DoS-ing both itself and its own wallet.