Those botnets are hitting random endpoints thousands of times a minute.
The problem is that each time they switch to a different residential IP so that they are untraceable.
That's the frustrating part: not only do they not play by the rules, but they use advanced methods to obfuscate and bypass any protections. That probably costs them a fair amount too, all that to access free data they can download as a tar file...
They won't be able to create thousands of API keys a minute, and if they reuse the keys they'll very easily be identified and blocked.
They won't be able to create thousands of API keys a minute, and if they reuse the keys they'll very easily be identified and blocked.