Comment by mr_monkey

Those botnets are hitting random endpoints thousands of times a minute. The problem is that each time they switch to a different residential IP so that they are untraceable. That's the frustrating part: not only do they not play by the rules, but they use advanced methods to obfuscate and bypass any protections. That probably costs them a fair amount too, all that to access free data they can download as a tar file...

They won't be able to create thousands of API keys a minute, and if they reuse the keys they'll very easily be identified and blocked.