Rate limiting

The Customers API uses spike arrests and quotas to ensure rate limiting. Spikes are identified by client IP. Quotas are identified by authorization token. Quotas are limited per minute and countdown starts from the first request sent. Exceeding limitations will result in 429 TOO_MANY_REQUESTS. Clients needs to limit the amount of requests they are allowing through with the same authorization token to make sure that Denial-of-Service does not happen.