What library are you using? Can you tell us more about the endpoints you’re using to obtain access tokens (host, protocol, path)? How are you measuring the limit of 10 tokens requests per second – is this through real human usage? How are you interpreting/receiving the connection refused and forbidden messages? At which specific methods do you receive the errors?
There are no specific limits around issuing access tokens to a specific IP address or API key – however, if you’re attempting to perform automated testing of any kind, I recommend that you divorce your testing from actual execution of the API or token-acquiring methods.
