We have safeguards in place to protect against abuse/DoS attacks as well as order book manipulation caused by the rapid placing and canceling of orders.
Every user of our API has a "call counter" which starts at 0.
Ledger/trade history calls increase the counter by 2.
Place/cancel order calls do not affect the counter.
All other API calls including balance checks increase the counter by 1.
The user's counter is reduced every couple of seconds, and if the counter exceeds the user's maximum API access is suspended for 15 minutes. Tier 2 users have a maximum of 15 and their count gets reduced by 1 every 3 seconds. Tier 3 and 4 users have a maximum of 20; the count is reduced by 1 every 2 seconds for tier 3 users, and is reduced by 1 every 1 second for tier 4 users.
Although placing and cancelling orders does not increase the counter, there are separate limits in place to prevent order book manipulation. Only placing orders you intend to fill and keeping the rate down to 1 per second is generally enough to not hit this limit.