[Backend] Add Rate Limiting to Public FastAPI Endpoints

[jpdevhub]

Description

Our production FastAPI backend currently accepts unrestricted requests. To prevent abuse of our Hugging Face inference resources and Supabase database, we need rate limiting.

Tasks

1. Install slowapi in the backend API.
2. Configure a rate limiter (e.g., 20 requests/minute per IP) for the /api/v1/scan-auto and /api/v1/maps/markets endpoints.
3. Return clean 429 Too Many Requests JSON responses when the limit is hit.

[sks-007]

Hi @jpdevhub
I'm an SSOC contributor and would love to work on this issue. Could you please assign it to me?

[Tirthpanchori]

Hey @jpdevhub, I would like to work in this issue under SSOC'26, I've added rate limiting to my personal projects and in one project under SSOC also and my pr got merged. I would highly appreciate it if you assign it to me. Thank you!

[Excalibur677]

Hey @jpdevhub, I'd love to claim this one! I can get slowapi integrated smoothly, set up the 20 req/min limit on the public scan and market map endpoints, and ensure 429 errors return a clean JSON response. Please assign this to me!

Quick Plan

• Install Dependency: Add slowapi to backend/requirements.txt.

         Effect: Brings in the standard rate-limiting middleware for FastAPI.
  

• Initialize Limiter: Set up the global Limiter instance in backend/main.py (or a utility file) using get_remote_address to track client IPs. Register the RateLimitExceeded exception handler.

           Effect: Enables the backend to intercept spam requests and automatically throw a clean HTTP 429 JSON payload.
  

• Protect Endpoints: Import the limiter into the respective API router files and attach the @limiter.limit("20/minute") decorator to the /scan-auto and /maps/markets route handlers.

            Effect: Restricts resource consumption per IP on those specific high-cost endpoints while leaving the rest of the API unaffected.