How do I throttle my site's API users?

Question

The legitimate users of my site occasionally hammer the server with API requests that cause undesirable results. I want to institute a limit of no more than say one API call

Answer 1

Simplest solution would be to just give each API key a limited number of requests per 24 hours, and reset them at some known, fixed, time.

If they exhaust their API requests (ie. the counter reaches zero, or the limit, depending on the direction you're counting), stop serving them data until you reset their counter.

This way, it will be in their best interest to not hammer you with requests.