Cookies may help, but the errors I was getting were also different too as this was a response to "curl" accessing the api functions. I originally had curl not touching cookies and all was fine till they up the requirements on the cloudflare?? access mechanism. So without cookies suddenly my api calls were being rejected so I looked at the error response and figured that cookies was the most likely cause. And it was.
The rate limiting error seems to be a glitch more than anything else, so even with cookies (which you need now) it can appear even when not doing anything in particular.
The best I can determine is that when a new browser, IP address, or other parameter appears that cloudflare?? hasn't seen before the connection is only allowed a very small rate of updates (web page uses api calls) and if that is exceeded, which is most likely, you get that error message and locked out for a small period.