I know that, currently, there aren't any account-level API limits. However, when trying to make a few thousand requests in a couple of minutes - to import our current users using an automated system - I believe I triggered DDOS protections and we were unable to access Desk  at all for a few days from our office

What safe limit should I put on requests to prevent getting locked out in the future?