Identify endpoints that lack rate limiting, particularly login, password reset, coupon code validation, and search. - Test whether rate limits are per-user, per-IP, per-API-key, or global. Can you bypass rate limits by rotating API keys or using the GraphQL endpoint instead of REST?