For requests made without a valid authentication token, your API should permit 10 requests/minute. These requests should be rate-limited on a per-IP address basis.
For requests made with a valid authentication token, your API should permit 30 requests per minute. These requests should be rate-limited on a per-user basis.
Your API should be rate-limited as follows: