ok, I contacted support and received an answer including rate limits which I am allowed to share here, including the following preface:
these limits are subject to change. Another point of clarification is that they are dependent on the type of authentication used, so if someone is using OAuth the rate limits are different and are for the entire application, not per user. For context, this complexity is what has prevented us from publishing these more broadly in the past.
and here are the rate limits I received:
FILE_COST = 50; // Equates to 120 req/min and 24000 req/day per user
IMAGE_COST = 200; // Equates to 30 req/min and 6000 req/day per user
VERSION_COST = 100; // Equates to 60 req/min and 12000 req/day per user
COMMENT_COST = 20; // Equates to 300 req/min and 60000 req/day per user
WEBHOOK_COST = 20; // Equates to 300 req/min and 60000 req/day per user
TEAM_COST = 20; // Equates to 300 req/min and 60000 req/day per user
PROJECT_COST = 20; // Equates to 300 req/min and 60000 req/day per user
FILE_IMAGE_COST = 20; // Equates to 300 req/min and 60000 req/day per user
SELECTION_COST = 20; // Equates to 300 req/min and 60000 req/day per user
RECENT_FILES_COST = 10; // Equates to 600 req/min and 120000 req/day per user
Hope this helps other folks like me to at least get an idea of might be possible wrong if she/he hits a ‘rate limit exceeded’ 429 