An API call filtering system filters responses to API call requests received, via a network, from user devices. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique endpoint identifier (“UEID”) of the user device making the request. Using the UEID, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue user devices while allowing for ordinary volumes of requests of requests the user devices, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.