To protect the web application from unauthorized automated usage, you should:

• Check the roles of the web application
• Allow anonymous users for the application only in individual cases without backend integration

• Schedule jobs only with limited users

• Activate Captcha after 3 failed logins