diff --git a/src/app.ts b/src/app.ts
index 29886c89..c9d51441 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -227,11 +227,33 @@ app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/block', requireSigner, blockCon
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unblock', requireSigner, unblockController);
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/mute', requireSigner, muteController);
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unmute', requireSigner, unmuteController);
-app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/follow', requireSigner, followController);
-app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unfollow', requireSigner, unfollowController);
-app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/followers', followersController);
-app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/following', followingController);
-app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/statuses', accountStatusesController);
+app.post(
+ '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/follow',
+ rateLimitMiddleware(2, Time.seconds(1)),
+ requireSigner,
+ followController,
+);
+app.post(
+ '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unfollow',
+ rateLimitMiddleware(2, Time.seconds(1)),
+ requireSigner,
+ unfollowController,
+);
+app.get(
+ '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/followers',
+ rateLimitMiddleware(8, Time.seconds(30)),
+ followersController,
+);
+app.get(
+ '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/following',
+ rateLimitMiddleware(8, Time.seconds(30)),
+ followingController,
+);
+app.get(
+ '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/statuses',
+ rateLimitMiddleware(12, Time.seconds(30)),
+ accountStatusesController,
+);
 app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}', accountController);
 app.get('/api/v1/statuses/:id{[0-9a-f]{64}}/favourited_by', favouritedByController);
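Review bot: On the follow and unfollow routes `rateLimitMiddleware(2, Time.seconds(1))` is registered ahead of `requireSigner`, so the limiter cannot key on the authenticated pubkey and presumably buckets by client address; its implementation is not visible in this diff. If the app sits behind a reverse proxy or many users share one NAT address, a budget of 2 requests per second would be shared by unrelated accounts, and if the key is read from a client-supplied forwarding header the limit does not hold. Running the limiter before authentication is reasonable for shedding unauthenticated load, so I would keep the order and document the key at the first use, e.g. `// keyed by <client identifier>; only the forwarded address set by our own proxy is trusted`. The same ordering is used for `/api/v1/timelines/home` and `/api/v1/notifications` in the later hunks.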
@@ -264,10 +286,10 @@ app.put(
 );
 app.post('/api/v2/media', mediaController);
-app.get('/api/v1/timelines/home', requireSigner, homeTimelineController);
-app.get('/api/v1/timelines/public', publicTimelineController);
-app.get('/api/v1/timelines/tag/:hashtag', hashtagTimelineController);
-app.get('/api/v1/timelines/suggested', suggestedTimelineController);
+app.get('/api/v1/timelines/home', rateLimitMiddleware(8, Time.seconds(30)), requireSigner, homeTimelineController);
+app.get('/api/v1/timelines/public', rateLimitMiddleware(8, Time.seconds(30)), publicTimelineController);
+app.get('/api/v1/timelines/tag/:hashtag', rateLimitMiddleware(8, Time.seconds(30)), hashtagTimelineController);
+app.get('/api/v1/timelines/suggested', rateLimitMiddleware(8, Time.seconds(30)), suggestedTimelineController);
 app.get('/api/v1/preferences', preferencesController);
 app.get('/api/v1/search', searchController);
@@ -275,7 +297,7 @@ app.get('/api/v2/search', searchController);
 app.get('/api/pleroma/frontend_configurations', frontendConfigController);
-app.get('/api/v1/trends/statuses', trendingStatusesController);
+app.get('/api/v1/trends/statuses', rateLimitMiddleware(8, Time.seconds(30)), trendingStatusesController);
 app.get('/api/v1/trends/links', trendingLinksController);
 app.get('/api/v1/trends/tags', trendingTagsController);
 app.get('/api/v1/trends', trendingTagsController);
@@ -283,7 +305,7 @@ app.get('/api/v1/trends', trendingTagsController);
 app.get('/api/v1/suggestions', suggestionsV1Controller);
 app.get('/api/v2/suggestions', suggestionsV2Controller);
-app.get('/api/v1/notifications', requireSigner, notificationsController);
+app.get('/api/v1/notifications', rateLimitMiddleware(8, Time.seconds(30)), requireSigner, notificationsController);
 app.get('/api/v1/notifications/:id', requireSigner, notificationController);
 app.get('/api/v1/favourites', requireSigner, favouritesController);
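Review bot: `/api/v2/media` (an upload POST) and `/api/v1/search` appear as context lines in this hunk and still have no limiter, although they are likely at least as costly as the timeline reads that now get `rateLimitMiddleware(8, Time.seconds(30))`. The next two hunks likewise leave `/api/v2/search`, `/api/v1/trends/links`, `/api/v1/trends/tags`, both suggestions routes, `/api/v1/notifications/:id` and `/api/v1/favourites` uncovered, and the first hunk leaves the block, unblock, mute and unmute POSTs uncovered. Unless a global limiter is mounted elsewhere in app.ts (not visible here), consider at least `app.post('/api/v2/media', rateLimitMiddleware(<limit>, <window>), mediaController);` and the same for both search routes, with values chosen by the maintainers.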