Authentication and the Have I Been Pwned API
Troy Hunt
JULY 18, 2019
Even with the rate limit of 1 request every 1,500ms per IP address enforced, that graph shows a very clear influx of requests peaking at 14k per minute. Because it returns generic, non-personal data it doesn't need to be protected in the same fashion (plus it's really aggressively cached at Cloudflare).
Let's personalize your content