Great question @chewwwwwwwwww, I try to let people use the API for as many different use-cases as possible. So while there’s no hard limit, there is a soft limit for behaviour flagged as malicious.
There’s plenty of apps using the API that have gone viral and sent massive spikes of traffic, all fine and handled without limits. However if it can’t realistically be attributed to this, of even someone infrequently load testing testing their app, then the rate-limiter could kick in.
For instance behaviour that looks like a DDOS attack, or even more basic patterns like 1000’s of request per second from the same IP without waiting for a response.
If you’re getting erroneously rate-limited (429 or 5XX response code depending on the use-case), then just send me an email with the details and i’ll have a look.