WAFs and API Gateways have rate limiting, IP lookup and bad signature recognition capabilities but these will only block brute force automated traffic. Correctly formed automated API traffic which is constructed for fraud and data scraping purposes will pass through these defenses. Approov is integrated into a number of these solutions for this reason.