#Apps SDK/MCP question

1 messages · Page 1 of 1 (latest)

topaz mason Jan 10, 2026, 11:07 AM

Apps SDK/MCP question: For an app where users can create content visible to others, what’s the recommended approach for: (1) abuse/rate limiting, (2) user identity/auth, and (3) tool annotations (e.g., openWorldHint) for user-generated content?

inland palm Mar 22, 2026, 11:36 PM

Abuse/rate limiting: enforce in your backend with per-user/IP limits and quotas
User identity/auth: use OAuth or login and map requests to an internal user ID
Tool annotations: use them as hints for behavior, but enforce access, permissions, and validation server-side