Comment by zx8080
25 days ago
Nothing prevents scraper from creating a free account and sending auth token in API requests.
I'm not saying the API changes are pointless, but still, what's the catch?
25 days ago
Nothing prevents scraper from creating a free account and sending auth token in API requests.
I'm not saying the API changes are pointless, but still, what's the catch?
It's much easier to detect a single account abusing your API and ban them/require payment. Trying to police an endpoint open to the internet is like playing g whackamole
Those botnets are hitting random endpoints thousands of times a minute. The problem is that each time they switch to a different residential IP so that they are untraceable. That's the frustrating part: not only do they not play by the rules, but they use advanced methods to obfuscate and bypass any protections. That probably costs them a fair amount too, all that to access free data they can download as a tar file...
They won't be able to create thousands of API keys a minute, and if they reuse the keys they'll very easily be identified and blocked.