Pembatasan Laju Adaptif Berbasis Verifiable Delay Function untuk Mitigasi Penyalahgunaan API pada Gateway Edge Ringan

API abuse on lightweight edge gateways has intensified as microservice-based services expose many REST endpoints to heterogeneous clients. Conventional per-identity rate limiting, such as static token buckets, is frequently bypassed through distributed bots and identity rotation, while legitimate burst traffic may be rejected and degrade user experience. This study proposes Adaptive Rate Limiting with Verifiable Delay Functions (ARL-VDF), which couples a lightweight risk score with selective VDF challenges to impose a tunable sequential-computation cost on suspicious clients without forcing aggressive dropping for low-risk users. The gateway continuously derives a per-identity risk score from short-window request rate, error tendency, and identity freshness, then maps the score to a target delay bounded by  and . Evaluation uses a 600-second discrete-event simulation on a mixed workload consisting of normal clients, legitimate bursts, and distributed attackers. Compared with a static token bucket baseline, ARL-VDF maintains full success for legitimate traffic, reduces attacker throughput that passes the gateway, and keeps verification overhead within a fixed budget on the edge device. The results indicate that combining adaptive control with verifiable sequential cost can improve availability and fairness on resource-constrained edge gateways without resorting to aggressive dropping.