java - How to protect API from from malicious usage -

we developing community portal service using java-spring , angular ui. going have android app soon. our back-end exposes many services via rest api. there couple of services allows anonymous posting , creating service requests.

here our questions:

• how can protect api ddos-like attacks? can ip whitelisting or put cap on requests per minute set of apis?
• how can log such malicious requests?