We have noticed that the current setup using rack-attack to throttle requests to the BioPortal API is not sufficiently throttling requests when a single user makes requests from multiple IP addresses. It appears that rack-attack is primarily IP-based and doesn't account for scenarios where requests from the same user are distributed across various IPs, leading to exceeding the intended rate limits.
API requests should be throttled based on a combination of user identification (e.g., API keys) and IP addresses to ensure rate limits are consistently applied across all requests from the same user.
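A minimal model of the behaviour described above, added here as an illustration and not taken from BioPortal or rack-attack: a fixed-window counter keyed by a discriminator, run over constructed traffic to compare an IP-only rule with per-key plus per-IP rules. The `WindowThrottle` class, the limit of 10 requests per 60 seconds, and the sample key and addresses are assumptions.

```ruby
# Model of a fixed-window throttle keyed by a discriminator block.
# Illustrative only; this is not rack-attack's implementation.
class WindowThrottle
  def initialize(limit:, period:, &discriminator)
    @limit = limit
    @period = period
    @discriminator = discriminator
    @counts = Hash.new(0)
  end

  # True when the request stays within the limit for its key and window.
  def allow?(req, now)
    key = @discriminator.call(req)
    return true if key.nil? # rule does not apply to this request
    bucket = [key, now / @period]
    @counts[bucket] += 1
    @counts[bucket] <= @limit
  end
end

# Counts requests that pass every rule. All rules are evaluated for each
# request so that every counter sees the full traffic.
def allowed_count(rules, requests)
  requests.each_with_index.count do |req, t|
    rules.map { |rule| rule.allow?(req, t) }.all?
  end
end

# Constructed traffic: one API key spread over 4 IPs (5 requests each),
# plus 12 keyless requests from one IP, all inside one 60-second window.
def sample_requests
  ips = %w[198.51.100.1 198.51.100.2 198.51.100.3 198.51.100.4]
  keyed = ips.flat_map { |ip| Array.new(5) { { api_key: "key-A", ip: ip } } }
  anon = Array.new(12) { { api_key: nil, ip: "203.0.113.9" } }
  keyed + anon
end

def by_ip
  WindowThrottle.new(limit: 10, period: 60) { |r| r[:ip] }
end

def by_key
  WindowThrottle.new(limit: 10, period: 60) { |r| r[:api_key] }
end

ip_only  = allowed_count([by_ip], sample_requests)         # 30
combined = allowed_count([by_key, by_ip], sample_requests) # 20
puts "IP only: #{ip_only} allowed, key + IP: #{combined} allowed"
```

With the IP-only rule all 20 keyed requests pass because no single address exceeds the limit; adding the per-key rule caps that key at 10 while the per-IP rule still bounds keyless traffic.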