The limit is somewhat higher than 10 calls per second, but it’s hard to predict exactly what it will be. It’s per public IP address making a connection to api.particle.io.
The best way to avoid the limit is to use HTTP/2. The limit is enforced upon initial connection, but with HTTP/2 you can make multiple API calls on a single TCP connection. The 2nd and subsequent calls on the same connection don’t count against the limit.