Describe your approach to securing a public-facing API gateway against distributed denial-of-service (DDoS) and credential-stuffing attacks at Kraken.