Security: DDOS attack prevention for open endpoints tRPC

So we are building an application and got multiple trpc endpoints associated with it, some of them are private and a few public ones (like login etc). While we can rate limit on the number of requests to prevent DDOS and similar attacks, the batch calls still stays vulnerable, what are the general methods to prevent these, and are there some precautions to take to limit the number of calls or access to these open endpoints
Nick173d ago
That generally goes in front of your api, Cloudflare for instance is very popular for DDOS protection, but I believe even API Gateway has some features