Rate limitation is controlling the rate of traffic sent or received by a network interface controller. Rate limitation protects against denial-of-service (DDoS) attacks, brute-force login attempts, and other types of abusive behavior targeting the application layer. Rate limitation is also used in web API to ensure fair usage by as many people as possible, this provides a high-quality service is delivered for all users, and to protect client applications from unexpected loops.
There are many types of rate limitation. The most popular type of rate limitation is user rate limiting, this associates the number of requests a user is making to his API key or IP (depending on how network controller or service is configured). If the user exceeds the rate limit, then any further requests will be denied until rate limitation is increased or wait until the rate limitation is reset.
To further increase security in certain geographic regions, networks and services can set rate limits for particular regions and particular time periods. For instance, if network/service knows that there is no users in a particular region won’t be as active, then lower rate limitation can be applied for that particular region. This also helps reduce the risk of attacks or suspicious activities.
Don’t confused between rate limitation and bandwidth limitation. Here is a good article explaining what the differences between “rate limitation” and “bandwidth limitation” are: https://iwl.com/idocs/rate-limitation-vs-bandwidth-limitation