In the API Discovery dashboard, the Rate Limit button allows to define a Rate Limit value (per second, per minute, per hour) per API endpoint and to configure a User Identifier, for example "per JWT Claim 'email'".
But the administrator doesn't know the right value to set: what is the base line of a legitimate user?

Ask for feature: Discover the Base Line per API endpoint AND based on the User Identifier defined in the LB.

Base Line = number of Request per Second, Minute, Hour.

Nota Bene: I don't ask for the feature "Discover the Base Line per API endpoint" that is done by CloudFlare. The claimed objective is: protect the service from a DoS. Impact: legitimate users are impacted. Result: the DOS is still successful and faster.