Yes, you will be throttled if you call attest() that frequently. Rate-limiting aside, you would not want to call it as often as every few seconds as you may begin to notice an adverse performance impact (the API call is computationally expensive, and not fast).
The logic you describe is good, but I'd recommend thinking carefully about what specific endpoint actions you need to protect. Typically it is appropriate to use SafetyNet Attestation alongside specific high value actions such as a login or payment transaction, for example. Doing so for every POST request you make may have little incremental benefit.
Depending on your use-case, the documentation makes an additional suggestion about how the API result should be used:
Ideally, you should use the SafetyNet Attestation API as an additional in-depth defense signal as part of an anti-abuse system, rather than the sole anti-abuse signal for your app.