Each endpoint should expose only the data needed for its function
Ex. /device/connect, /device/status, /device/control
Each token and session has access only to scoped devices and actions
Avoid multi-action endpoints; each should do one thing and be rate-limited
Backend service segmentation to isolate WebSocket bridges from admin APIs
Admin/internal endpoints are LAN-isolated
Admin and API keys are revoked on detected abuse
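The scoping and revocation rules above, as an added example (not code from the original notes): a token carries the device ids and actions it may use, every endpoint maps to exactly one action, a revoked key is refused on the next call, and the /device/status response is filtered to a fixed field set so nothing beyond what the caller needs leaves the backend. The endpoint-to-action table, the field names and the record layout are assumptions for illustration.

```python
from dataclasses import dataclass

# One action per endpoint (the notes ask for single-purpose endpoints).
# Assumed mapping for this example.
ENDPOINT_ACTION = {
    "/device/connect": "connect",
    "/device/status": "status",
    "/device/control": "control",
}

# Fields a /device/status response may contain. Anything else in the device
# record (MAC, firmware build, pairing keys) never leaves the backend.
STATUS_FIELDS = frozenset({"online", "battery", "last_seen"})


@dataclass(frozen=True)
class Token:
    token_id: str
    subject: str          # user or service the token was issued to
    devices: frozenset    # device ids this token may touch
    actions: frozenset    # actions it may perform on those devices


class Authorizer:
    """Deny-by-default check run before any /device/* handler."""

    def __init__(self):
        self.revoked = set()   # token ids pulled after abuse; consulted on every call

    def revoke(self, token_id):
        self.revoked.add(token_id)

    def authorize(self, token, endpoint, device_id):
        """Return (ok, reason). Every condition must hold; the first failing one
        is reported so the caller can log a precise denial reason."""
        action = ENDPOINT_ACTION.get(endpoint)
        if action is None:
            return False, "unknown endpoint"
        if token.token_id in self.revoked:
            return False, "token revoked"
        if device_id not in token.devices:
            return False, "device out of scope"
        if action not in token.actions:
            return False, "action out of scope"
        return True, action


def status_view(device_record):
    """Project a device record onto the fields /device/status is allowed to expose."""
    return {k: v for k, v in device_record.items() if k in STATUS_FIELDS}


if __name__ == "__main__":
    authz = Authorizer()
    tok = Token("t-1", "alice", frozenset({"dev-1"}), frozenset({"status"}))
    print(authz.authorize(tok, "/device/status", "dev-1"))     # (True, 'status')
    print(authz.authorize(tok, "/device/control", "dev-1"))    # (False, 'action out of scope')
    authz.revoke("t-1")
    print(authz.authorize(tok, "/device/status", "dev-1"))     # (False, 'token revoked')
```

Note the order of checks: revocation is tested before scope, so a revoked key cannot learn which devices it used to have access to by probing for "out of scope" versus "revoked" responses.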
Per-device: 60 requests per minute
Per-user: 300 requests per 5 minutes
Queue limit: 10 mins requests
Login: 5 attempts per hour
Discovery/scan: 2 per minute per session
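The budgets listed above, implemented as an added example (not the project's own code): a sliding-window limiter keyed by (policy, subject), with the per-device, per-user, login and scan limits taken from the list. A request is charged against all of its budgets only after every one of them has room, so a call refused by the device budget does not also consume the user's budget. The queue limit is left out because its window is not stated; the /auth/login and /device/scan paths and the endpoint-to-budget mapping are assumptions for illustration.

```python
import time
from collections import defaultdict, deque

# (max requests, window in seconds), from the design notes.
POLICIES = {
    "device": (60, 60),        # per device: 60 requests per minute
    "user": (300, 5 * 60),     # per user: 300 requests per 5 minutes
    "login": (5, 60 * 60),     # per account: 5 login attempts per hour
    "scan": (2, 60),           # per session: 2 discovery/scan calls per minute
}


class ManualClock:
    """Settable clock so limiter behaviour can be exercised without sleeping."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class SlidingWindowLimiter:
    """Sliding-window log limiter: each (policy, subject) keeps the timestamps of
    its in-window requests and is refused once `limit` of them are present."""

    def __init__(self, policies=POLICIES, clock=time.monotonic):
        self.policies = policies
        self.clock = clock
        self._hits = defaultdict(deque)

    def _window(self, policy, subject):
        limit, window = self.policies[policy]
        q = self._hits[(policy, subject)]
        now = self.clock()
        while q and now - q[0] >= window:   # expire hits that left the window
            q.popleft()
        return q, limit, window, now

    def would_allow(self, policy, subject):
        q, limit, _, _ = self._window(policy, subject)
        return len(q) < limit

    def admit(self, checks):
        """checks: iterable of (policy, subject). Admit only if every budget has
        room, and charge them only then, so a refused request burns nothing."""
        checks = list(checks)
        for policy, subject in checks:
            if not self.would_allow(policy, subject):
                return False, f"{policy} limit"
        now = self.clock()
        for policy, subject in checks:
            self._hits[(policy, subject)].append(now)
        return True, "ok"

    def retry_after(self, policy, subject):
        """Seconds until the oldest in-window hit expires; 0 if not limited."""
        q, limit, window, now = self._window(policy, subject)
        if len(q) < limit:
            return 0.0
        return window - (now - q[0])


def budgets_for(endpoint, user_id, device_id, session_id):
    """Assumed mapping: /auth/login draws on the per-account login budget; every
    /device/* call counts per device and per user; /device/scan also per session."""
    if endpoint == "/auth/login":
        return [("login", user_id)]
    checks = [("device", device_id), ("user", user_id)]
    if endpoint == "/device/scan":
        checks.append(("scan", session_id))
    return checks


if __name__ == "__main__":
    clk = ManualClock()
    lim = SlidingWindowLimiter(clock=clk)
    for _ in range(60):
        lim.admit(budgets_for("/device/status", "u1", "d1", "s1"))
    print(lim.admit(budgets_for("/device/status", "u1", "d1", "s1")))   # (False, 'device limit')
    print(lim.retry_after("device", "d1"))                              # 60.0
    clk.t = 60.0
    print(lim.admit(budgets_for("/device/status", "u1", "d1", "s1")))   # (True, 'ok')
```

Return `retry_after` to the client as a Retry-After header; for the login budget, key on the account name rather than the source IP so that distributed guessing against one account is still capped.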
Do not log payload contents unless explicitly flagged for debugging
Scrub BLE UUIDs, access tokens, and error stack traces from logs before they are written
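The two logging rules above as an added example (not code from the original notes): a scrubber that redacts 128-bit and 16-bit BLE UUIDs, bearer tokens, JWTs and `token=`-style parameters, collapses Python and Java/JS style stack traces to a marker while keeping the final exception line, and a log formatter that omits payload contents unless a debug flag is explicitly set. The regexes, field names and the sample log lines are constructed for this example.

```python
import re

# Identifiers and secrets that must not reach logs. Constructed for this example;
# extend to match your own token formats.
BLE_UUID_128 = re.compile(r"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b")
BLE_UUID_16 = re.compile(r"\b0x[0-9a-fA-F]{4}\b")   # short-form service/characteristic UUIDs
TOKEN_PARAM = re.compile(r"\b(token|access_token|api_key)=([^&\s]+)", re.IGNORECASE)
BEARER = re.compile(r"\b(bearer\s+)[A-Za-z0-9\-._~+/]+=*", re.IGNORECASE)
JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(?![A-Za-z0-9_-])")
FRAME = re.compile(r'^\s+(at \S|File ")')   # Java/JS "at ..." and Python 'File "..."' frames


def redact_values(line):
    """Replace secrets and BLE identifiers inside a single log line."""
    line = TOKEN_PARAM.sub(r"\1=[redacted]", line)
    line = BEARER.sub(r"\1[redacted]", line)
    line = JWT.sub("[redacted]", line)
    line = BLE_UUID_128.sub("[ble-uuid]", line)
    line = BLE_UUID_16.sub("[ble-uuid]", line)
    return line


def scrub(text):
    """Scrub a possibly multi-line log record.

    A Python "Traceback" header and every indented line after it, and any
    standalone frame line, are collapsed to one marker. The final exception
    line is kept (after value redaction) since that is what triage needs.
    """
    out, in_trace = [], False
    for line in text.splitlines():
        if line.startswith("Traceback (most recent call last):"):
            in_trace = True
            out.append("[stack trace redacted]")
            continue
        if FRAME.match(line) or (in_trace and line[:1].isspace()):
            if not in_trace:            # frames without a Traceback header
                out.append("[stack trace redacted]")
                in_trace = True
            continue
        in_trace = False
        out.append(redact_values(line))
    return "\n".join(out)


def format_event(event, payload=None, debug_payloads=False):
    """Build a log line. Payload contents appear only when the debug flag is
    explicitly set, and even then they pass through scrub()."""
    if payload is None:
        return scrub(event)
    body = scrub(repr(payload)) if debug_payloads else "<omitted>"
    return f"{scrub(event)} payload={body}"


if __name__ == "__main__":
    sample = ("GET /device/status?token=abc123DEF user=u1 "
              "char=0000180f-0000-1000-8000-00805f9b34fb svc=0x180F "
              "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln")
    print(scrub(sample))
    print(format_event("char write dev=d1", payload={"t": "eyJa.b.c"}))
```

The 16-bit pattern will also hit unrelated 4-digit hex literals such as small addresses; that is the safer failure direction for a log scrubber, but narrow it to known service ranges if it removes too much.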