Security solution for API

Hello,

We have encountered an attack on our resource (API section) - api.mydomain.com. The attackers are using a scripted scenario involving the execution of sequential requests to our resource. Previously, they targeted the main domain (https://mydomain.com) with their attack, but we mitigated it by enabling Under Attack Mode. Unfortunately, we cannot employ the same approach to secure the API, as our product relies on SPA pages for the frontend and a mobile application that directly communicates with the API.

Do you have any protective functionality in place that can prevent the execution of scripted scenarios or any other features that could assist us in resolving this issue?