Is the rate limit based on IP or in authentication?

[michelkluger]

I would like to prevent users from avoiding our limitations by using a VPN or something like that.

can I make the limitation of requests based on user authentication? or UUID? idk

[thentgesMindee]

You can use the key_func you want. Let's say you want to limit based on your authenticated user's UUID: make sure your key_func returns this UUID.

EDIT: you probably retrieve this in a dependency, so having a look at this discussion might help a bit