BE-48: Testnet Rate Limits + Abuse Controls for Public Endpoints

[Cedarich]

Complexity: 150 points
Branch: feat/be-testnet-abuse-controls
Summary
Add testnet-focused abuse protection to avoid API/RPC exhaustion during contributor testing and public demos.
Tasks

• Add route-level rate limits for public endpoints (quotes, metadata, scan).
• Add per-IP and per-API-key throttles with sensible defaults for testnet.
• Add an allowlist for CI and trusted contributors to reduce friction.
• Add metrics and logs for blocked requests.
  Acceptance Criteria
• Abuse patterns are throttled without breaking normal contributor workflows.
• Operators can observe throttling in metrics.
• Trusted allowlist paths are audited and safe.

---

[Yash-Karakoti]

@Yash-Karakoti has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

i can surely do this, kindly assign !!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Yash-Karakoti to this issue.

[amehsamuel200225-sketch]

@amehsamuel200225-sketch has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi…. I’m a software engineer, let me fix this issue please!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @amehsamuel200225-sketch to this issue.

[drips-wave]

Congratulations, @amehsamuel200225-sketch! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @amehsamuel200225-sketch: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊