Rate limiting - some calls are from 'consumers' but most are not

I am attempting to rate limit a select group of users on a handful of APIS.

My initial thought was to create a consumer object for each user that I want to rate limit. And then add the rate limiting plugin to the service for the specific consumer.

Note that if the call is not associated with a consumer, I do not want it to be rate limited.

Am I thinking about this in the right way?
Is there another more accepted solution to this problem?