We've experienced a DDoS attack. TCP connections were flooded; we received 60 times more connections than normal. We use Cloudflare to protect our APIs. But the attacker targeted other ports, therefore, reducing the quota for good requests.
With help from our infrastructure partner, we restricted this traffic and also increased the number of machines that process regular requests.
To prevent this from happening in the future, we will restrict the origin of all incoming requests so we can easily filter/block them.