When should you use a rate limiter?

So, I've been thinking a lot about keeping our APIs stable and, you know, stopping them from getting overloaded or abused. Rate limiting feels like a big part of that. I'm wondering, when do you guys usually decide it's time to put rate limits in place? Is it when traffic hits a certain level, if you see weird user behavior, or is it something else? What are some common approaches you've used or seen, and what should we definitely avoid?