Explain the difference between rate limiting and throttling, and how you would implement them to protect an API.