How do you handle rate-limiting, authentication, and error handling when building public-facing APIs for ITAC Solutions?