How to add X-Ratelimit limiting for API End points

[AvijaRanjithTR]

I Have an API Endpoint and a malicious low-privileged user trying to capture my request via a proxy tool, sends it to the intruder tool and generates 100 requests and all the requests went to successfully and all requests returned 200 ok status.

I want to use rate limiting for the above issues like within 2 minutes. I can send only 10 requests and if the user sends the 11th request, he has to wait for the remaining minutes left. after 2 minutes of completion, one can send new request.

I want to go with the above approach, not at the application server code level but I need to implement it on the WEb API management level can anyone help me on this?