1 Commits

Author SHA1 Message Date
Chris Farhood 54bbb45f5e docs(UAT): add rate limit test cases for PR #11
Added TC-API-15.1 through TC-API-15.6 covering sign-in/sign-up
rate limit boundaries for email and social providers.

Refs: GRO-1244
Updated UAT_PLAYBOOK.md §4.15

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 13:08:40 +00:00
+11
@@ -177,6 +177,17 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
| TC-API-14.4 | Update group notes | PATCH /api/appointment-groups/{id} with notes | 200 OK, notes updated |
| TC-API-14.5 | Cancel group | DELETE /api/appointment-groups/{id} | 200 OK, all appointments cancelled |
### 4.15 Rate Limiting
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-API-15.1 | Sign-in email: within limit | POST /api/auth/sign-in/email 10 times within 60s | All requests return 200 OK, no 429 |
| TC-API-15.2 | Sign-in social: within limit | POST /api/auth/sign-in/social 10 times within 60s | All requests return 200 OK, no 429 |
| TC-API-15.3 | Sign-up email: within limit | POST /api/auth/sign-up/email 5 times within 60s | All requests return 200 OK, no 429 |
| TC-API-15.4 | Sign-in email: beyond limit | POST /api/auth/sign-in/email 11 times within 60s | 11th request returns 429 Too Many Requests |
| TC-API-15.5 | Sign-in social: beyond limit | POST /api/auth/sign-in/social 11 times within 60s | 11th request returns 429 Too Many Requests |
| TC-API-15.6 | Sign-up email: beyond limit | POST /api/auth/sign-up/email 6 times within 60s | 6th request returns 429 Too Many Requests |
## Pass/Fail Criteria
**Pass:**
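Review bot: The new 4.15 rows do not say how the 60s window is isolated between cases, so TC-API-15.1 followed directly by TC-API-15.4 against the same endpoint would reach 429 before the 11th request and fail for the wrong reason. Add a precondition to each row (wait for the window to reset, or use a fresh client) and name what the limit is keyed on, since the steps give no way to tell whether it is per client address, per account, or global. TC-API-15.4 through 15.6 assert only the final request; state that requests 1-10 (1-5 for sign-up) return a non-429 status so the threshold is pinned from both sides. The within-limit rows expect 200 OK on every request, which implies valid credentials and, for TC-API-15.3, a distinct email per sign-up; say so in the Steps column, and consider a row where the sign-in attempts fail authentication, because that is the traffic the limit exists to slow. A recovery row (request succeeds again after the 60s window elapses) and a check on whether the 429 response carries a Retry-After header would complete the section.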