diff --git a/UAT_PLAYBOOK.md b/UAT_PLAYBOOK.md
index 68d6d25..c5a8519 100644
--- a/UAT_PLAYBOOK.md
+++ b/UAT_PLAYBOOK.md
@@ -177,6 +177,17 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
 | TC-API-14.4 | Update group notes | PATCH /api/appointment-groups/{id} with notes | 200 OK, notes updated |
 | TC-API-14.5 | Cancel group | DELETE /api/appointment-groups/{id} | 200 OK, all appointments cancelled |
 
+### 4.15 Rate Limiting
+
+| # | Scenario | Steps | Expected |
+|---|----------|-------|----------|
+| TC-API-15.1 | Sign-in email: within limit | POST /api/auth/sign-in/email 10 times within 60s | All requests return 200 OK, no 429 |
+| TC-API-15.2 | Sign-in social: within limit | POST /api/auth/sign-in/social 10 times within 60s | All requests return 200 OK, no 429 |
+| TC-API-15.3 | Sign-up email: within limit | POST /api/auth/sign-up/email 5 times within 60s | All requests return 200 OK, no 429 |
+| TC-API-15.4 | Sign-in email: beyond limit | POST /api/auth/sign-in/email 11 times within 60s | 11th request returns 429 Too Many Requests |
+| TC-API-15.5 | Sign-in social: beyond limit | POST /api/auth/sign-in/social 11 times within 60s | 11th request returns 429 Too Many Requests |
+| TC-API-15.6 | Sign-up email: beyond limit | POST /api/auth/sign-up/email 6 times within 60s | 6th request returns 429 Too Many Requests |
+
 ## Pass/Fail Criteria
 
 **Pass:**