Current API Gateway is Kong
Access request for the same account with multiple passwords in a given time span (brute force) [2A-1]
Call is successful but invalid scope was provided [3A-1]
Out of the ordinary number of valid requests [4A-1]
Excessive Number of Records for a Single Consumer [4B-2]
Valid tokens are trying to access operations that don't exist [5A-1]
IPs Trying to Access Services that Don't Exist [5B-2]
An unusual number of requests to sensitive operation from a single user [6A-1]