It is unlikely that a system with the scale of Twitter implements the API rate limiter in the backend. Usually you'd do this as early as possible together with other WAF stuff.
If IPs or IP ranges get really annoying we block them on the network level.
Big public sites like Twitter obviously need to have this technology. Due to their political content they probably also need sophisticated DDoS protection.