Someone make a fork of the anonymous high orbit ion cannon that hits all of their web/API ports. Maybe a setting of 1 request in a random time period from 2 minutes to 20 minutes, to stay below IDS thresholds.
https://github.com/Samsar4/Ethical-Hacking-Labs/blob/master/9-Denial-of-Service/2-DDoS-using-HOIC.md