The way I would solve this:
- Create a table with 2 columns: Userid and timestamp
- Encapsulate the API-call in a server-action
- When calling this server action:
- Check if there are 3 records in the new table for this user
- If so: check if the oldest is more than x-minutes old
- If so reject the call
- If not more than 3 records: create record with userid and currdatetime and call the api
- Else delete oldest timestamp for this user and create new record for this user with currdatetime
- Call the API
The x-minutes you could store in a site property.
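
One way to implement a per-user limit on the two-column table from the post, as an added example in Python with SQLite (not the poster's code, and not platform code). It assumes the intent is at most 3 calls per x minutes, so a call is rejected while the oldest of the user's 3 records is still younger than x minutes; the table name, function names and the 600-second window are hypothetical.

```python
import sqlite3

MAX_CALLS = 3          # record limit per user, from the post
WINDOW_SECONDS = 600   # "x minutes"; assumed value, the post keeps it in a site property

def open_db(path=":memory:"):
    # isolation_level=None: autocommit mode, transactions are managed explicitly below
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS api_call_log "
               "(user_id INTEGER NOT NULL, called_at REAL NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS ix_user_time "
               "ON api_call_log (user_id, called_at)")
    return db

def try_acquire(db, user_id, now, window=WINDOW_SECONDS, limit=MAX_CALLS):
    """Record the call and return True if user_id is under the limit, else False."""
    # BEGIN IMMEDIATE takes the write lock before reading, so two concurrent
    # requests cannot both see "2 records" and both insert a third.
    db.execute("BEGIN IMMEDIATE")
    try:
        rows = db.execute(
            "SELECT rowid, called_at FROM api_call_log "
            "WHERE user_id = ? ORDER BY called_at", (user_id,)).fetchall()
        if len(rows) >= limit:
            oldest_id, oldest_at = rows[0]
            if now - oldest_at < window:
                db.execute("ROLLBACK")   # limit reached inside the window: reject
                return False
            # Oldest record has aged out: replace it with the new call.
            db.execute("DELETE FROM api_call_log WHERE rowid = ?", (oldest_id,))
        db.execute("INSERT INTO api_call_log (user_id, called_at) VALUES (?, ?)",
                   (user_id, now))
        db.execute("COMMIT")
        return True
    except Exception:
        db.execute("ROLLBACK")
        raise

def guarded_call(db, user_id, api, now):
    """Server-side wrapper: the API is only reachable through the limit check."""
    if not try_acquire(db, user_id, now):
        raise PermissionError("rate limit exceeded for user %s" % user_id)
    return api()
```

The check and the insert share one transaction; done as separate steps, parallel requests from the same user can slip past the limit. Rejected calls are not recorded, so repeated attempts do not extend the lockout.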