I am trying to set rate limits for an endpoint which is accessed via an API token as a HTTP header. In order to protect the stability of the service, I want to set two distinct API rate limits: I want to reject the request if either a user is making more than 60 requests per minute, or if the total number of request across all users exceeds 60 requests per minute.