Rate limiting blocks users, bots, or applications that are over-using or abusing the API.
Rate limiting is specified at the key level; you can set the maximum number of requests per second in the settings for each key. You can also specify the key used to identify each request so that subsequent requests from the same key can be blocked. This can be done by setting the x-user-id header in Run Workflow (Server-side requests) or Get Token request.
For example, if you wish to handle requests from an authenticated user, you can specify the user ID so that each user will be rate-limited individually. On the other hand, if you have anonymous users, you can choose not to pass any value in the header. In such cases, we will consider them as originating from the same source, and they will all be rate-limited collectively.