[Mandatum]

That’s typically why it’s a good idea to include a crappy “generate API” key button so you can block traffic like this, you don’t even need a registration process - someone can just email with reference to their API key to discuss their issues.

[usrbinbash]

> you don’t even need a registration process

You should put it behind a CAPTCHA of some sort however, otherwise, some smartass will just write a "library" auto-fetching an api key as soon as the one it has currently cached stops working.

And yes, that is an annoyance to users, but so what? Please direct all complaints to the comparatively small number of people responsible for the fact that the rest of us cannot have nice things.

[Etheryte]

This is not really a problem, you can easily disable generating new keys and sidestep the problem. Everyone who's legit can keep using their old keys.

[ransackdev]

CAPTCHA is for humans while this json service is for machines