Typically when you do a composer install you clone a large number of Git repos. It’s been typical that you hit the API limit and have to manually create an OAuth token to continue downloading packages. Today in a comment on the Composer project issue tracker this restriction was addressed:
We’ve spent some time digging in, considering all the options to resolve your issues, weighing your needs against infrastructure strain and availability.
I’m happy to report that our Infrastructure team believes that due to their work on our Git backend since these APIs were introduced, we’re now able to drop these rate limits on the API side. We deployed those changes a couple of hours ago. Getting an archive link  via the API will no longer count against your hourly rate limit (authenticated or not). This should make Composer installs happy.