You should also support Web Bot Auth and make it required to have a customer-specific abuse contact in the user-agent header so that people can send invoices to those customers for when your customers cause downtime due to excessive scraping.

Yes, that’s a very good point! We’ll look into this for SDK usage. What do you recommend for the public repo where it's harder to enforce runtime headers?