So you're probably still vulnerable to this even with the key requirement, but they stopped once you removed the incentive? Did you notice what they were scraping?
- Moved everything to a VPS - way better value for money. Extra TB of traffic only costs €1-10 with Hetzner/DigitalOcean compared to 400€ with Vercel's old pricing.
- Put Cloudflare in front - gives me an extra layer of control (if I ever need it)
- Built a proper REST API - now there's an official way to use the converter programmatically
- Made email registration mandatory for API keys - lets me reach out before having to block anyone
That other server was probably running a scraper and then converting the html-websites to markdown. After about 2 weeks they noticed that I was just returning garbage and it stopped :)
I've had good success with Cloudflare's free-tier features for rate limiting. If you haven't tried it, it only takes a couple minutes to enable and should be pretty set-and-forget for your API.
- Moved everything to a VPS - way better value for money. Extra TB of traffic only costs €1-10 with Hetzner/DigitalOcean compared to 400€ with Vercel's old pricing.
- Put Cloudflare in front - gives me an extra layer of control (if I ever need it)
- Built a proper REST API - now there's an official way to use the converter programmatically
- Made email registration mandatory for API keys - lets me reach out before having to block anyone
That other server was probably running a scraper and then converting the html-websites to markdown. After about 2 weeks they noticed that I was just returning garbage and it stopped :)