diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 096026772db8..2c281151206c 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -95,7 +95,7 @@ class Kernel extends HttpKernel
         ],
 
         'api' => [
-            'throttle:300,1',
+            // 'throttle:300,1',
             'bindings',
             'query_logging',
         ],
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index a67146b38c8f..87f1e84c5a3c 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -34,7 +34,6 @@ class RouteServiceProvider extends ServiceProvider
      */
     public function boot()
     {
-        //
         parent::boot();
     }
 
diff --git a/routes/api.php b/routes/api.php
index e0756307c8b7..a3c7936229fc 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -13,17 +13,17 @@
 
 use Illuminate\Support\Facades\Route;
 
-Route::group(['middleware' => ['api_secret_check']], function () {
+Route::group(['middleware' => ['throttle:10,1', 'api_secret_check']], function () {
     Route::post('api/v1/signup', 'AccountController@store')->name('signup.submit');
     Route::post('api/v1/oauth_login', 'Auth\LoginController@oauthApiLogin');
 });
 
-Route::group(['middleware' => ['api_secret_check','email_db']], function () {
+Route::group(['middleware' => ['throttle:10,1','api_secret_check','email_db']], function () {
     Route::post('api/v1/login', 'Auth\LoginController@apiLogin')->name('login.submit');
     Route::post('api/v1/reset_password', 'Auth\ForgotPasswordController@sendResetLinkEmail');
 });
 
-Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
+Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
     Route::post('check_subdomain', 'SubdomainController@index')->name('check_subdomain');
     Route::get('ping', 'PingController@index')->name('ping');
     Route::get('health_check', 'PingController@health')->name('health_check');
@@ -216,17 +216,17 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a
 });
 
 Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id}', 'PaymentWebhookController')
-    ->middleware(['guest'])
+    ->middleware(['throttle:1000,1','guest'])
     ->name('payment_webhook');
 
 Route::match(['get', 'post'], 'payment_notification_webhook/{company_key}/{company_gateway_id}/{client}', 'PaymentNotificationWebhookController')
-    ->middleware(['guest'])
+    ->middleware(['throttle:1000,1', 'guest'])
     ->name('payment_notification_webhook');
 
-Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook')->middleware(['throttle:10000,1']);
-Route::get('token_hash_router', 'OneTimeTokenController@router');
-Route::get('webcron', 'WebCronController@index');
-Route::post('api/v1/get_migration_account', 'HostedMigrationController@getAccount')->middleware('guest');
-Route::post('api/v1/confirm_forwarding', 'HostedMigrationController@confirmForwarding')->middleware('guest');
+Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook')->middleware('throttle:1000,1');
+Route::get('token_hash_router', 'OneTimeTokenController@router')->middleware('throttle:100,1');
+Route::get('webcron', 'WebCronController@index')->middleware('throttle:100,1');;
+Route::post('api/v1/get_migration_account', 'HostedMigrationController@getAccount')->middleware('guest')->middleware('throttle:100,1');;
+Route::post('api/v1/confirm_forwarding', 'HostedMigrationController@confirmForwarding')->middleware('guest')->middleware('throttle:100,1');;
 
 Route::fallback('BaseController@notFound');