Support per API-Key Limits

[jmank88]

We need to support alternate limits for specific clients. Instead of listing specific IP addresses (like with -nolimit) some sort of api-key included in the header would be more general and flexible (e.g. changing IPs, sharing a single key between multiple machines). The rpm per key could then be specified via a flag whose value is a csv of : separated pairs of key and rpm - <key>:<rpm>. For example:

-limits AKXOXLEK:100,LXKFGODK:10

Perhaps an entry without an rpm value could mean -nolimit, and then we could deprecate the -nolimit flag.

-limits AKOXLEK,LXKFGODK:10

The API key format should remain as flexible as possible (any UTF-8 plaintext?) to maximize compatibility with any generation method.

[jmank88]

Which HTTP header should we use for the api-key? Is there a standard one that is appropriate?

[treeder]

Authorization header typically.

Authorization: Bearer TOKEN