Security / Throttling users via api_dev_key

How can we prevent abuse on such system with a Product requirement that we allow guests? meaning it is very clear that we can setup a DB to count number of pastes per api_dev_key and create a business model around it, however we allow guests, how can it be throttled / secured from abuse?

you could use IP, fingerprints, or something that identify the user, then you can apply the same logic as api_dev_key