How to have each user with their own API limits?

Question

The project I'm working on is a set of tools for users to manage their own accounts. For example, generic users will be able to access and update their Drive or calendars, and for administrators they can additionally get lists of their users and groups and manage those.

My concern is the API limits. At this point in time the project's client ID and secret are hard-coded because I want users to just be able to download and run the tools (which is working great until someone queries all users and uses up half of the daily limit for one of the APIs). I realize I can request more API calls, but I'm not sure that's the best solution.

In order to have each user on their own API limits, will I need to have each person using it set up a new Google Code project with its own set of limits? Or is there a way to allow the same project to have limits based on domain? I'm not sure what best practice is.

Edit: I should mention I'm authenticating via OAuth2.0 using 2-legged authentication, as my understanding was that was the best way to do it for administrators and users... should I be using 3-legged instead?

Answer 1

This is (probably) not an answer, but ...

A good question is precisely what is an "app". In this answer What is the limit on Google Drive API usage?, Nivco from Google says "Currently for the Drive API it reads "Courtesy limit: 10,000,000 queries/day". It's a per app quota"

and on the API Console, your project can consist of many "apps", each with its own client ID.

So, either (a) the term "app", being ill-defined, is being used incorrectly, or (b) you can achieve what you are looking for by creating multiple apps within your project.

Sadly, I suspect it's (a), but might be worth confirming.