For OAuth authentication do the rate limits apply to the zendesk account that makes the API calls or Zendesk account that owns the data?

For OAuth authentication a third party app needs a Zendesk account to get a client id.
This third party app needs to manage the data from multiple Zendesk support accounts.
How does rate limiting apply in this scenario? The rate limits are applied to the third party  app Zendesk account or the Zendesk support account?

What authentication type is recommended for managing multiple Zendesk support accounts?
If global OAuth is recommended, the process of obtaining it is slow?