Fighting API Bots with Cloudflare's Invisible Turnstile
Troy Hunt
AUGUST 21, 2023
Problem is, that was a very rudimentary IP-based rate limit and it could be circumvented by someone with enough IPs, so fast forward a bit further and I put auth on the API which required a nominal payment to access it. "Avoid ever showing a visual puzzle to a user" is a polite way of saying they avoid the sucky UX of CAPTCHA.
Let's personalize your content