Can you define an API call better? Is it any call made with your application/key? If so, how do you handle monetary DoS?

Yes, so an API call is an authentication request. To prevent monetary DoS, right now we're thinking of a couple of ways: We're considering to charge per user per month, this way apps/websites would not be charged per api call. We're also considering to have a rate-limit per account per device, and also limiting the number of unique phone numbers that can be registered from the same device on some period of time.

Any suggestions for this would great!