Yeah, if there is one thing you can count on, you have customers/clients that are smarter than the people building your product and the people building the product usually pay no attention to possible edge cases or abuses until they happen and it costs some $$$ to fix. I work on a product with problems like this. My solution to the company (rejected) was to provide a authenticated (Read Only, metered) API to technical customers that they could request an access key through their account and maybe even charge a very small fee for monthly access to the API. The API already exists and it is used for everything the product does but some customers have built janky workarounds for auto-scrapers that are more taxing on the system and break easily. This would be very little effort to make a lot of people very happy but the "business" didn't want to hear how to make them happy, they wanted to know how to stop the client/customer. Archive: https://archive.today/l8efZ From the post: >>Hold on, I'm not at all joking. The McDonald's app developers put a lot of effort into policing the clients allowed to even dream about running the app. The app was checking for: