As someone that does a lot of data scraping, I can probably say that most of the techniques you come up with will probably be useless. 99% of the time I don't need to look at your code I just need to look at the requests and responses and I can build my own client.
The other 1% of the time, I will just hit F12 to open inspector, look at the stacktrace of your XHR request, put breakpoints here and there, fire up the request again and I will know how to build your request.
If you minify the code, I will just prettify it, again built into the inspector.
If you use webasm, that might slow me down a bit because most of the sites I've looked at don't do that and therefore I don't have experience with it, but I'm sure I can figure it out eventually. Maybe in the future, it will become more popular.
However, if you're willing to invest time into it, compiling your app into native code has prevented me from reverse engineering the API requests. I just don't know how, though I've recently been doing some research about it. It's not going to stop someone that does know how, but it makes it MUCH harder for someone random like me to come across your site and just hit F12 and walk away with all your endpoints.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
As someone that does a lot of data scraping, I can probably say that most of the techniques you come up with will probably be useless. 99% of the time I don't need to look at your code I just need to look at the requests and responses and I can build my own client.
The other 1% of the time, I will just hit F12 to open inspector, look at the stacktrace of your XHR request, put breakpoints here and there, fire up the request again and I will know how to build your request.
If you minify the code, I will just prettify it, again built into the inspector.
If you use webasm, that might slow me down a bit because most of the sites I've looked at don't do that and therefore I don't have experience with it, but I'm sure I can figure it out eventually. Maybe in the future, it will become more popular.
Basically if you provide an API, it can be used by unauthorized users.
I would recommend focusing on making it harder for people who are using your API's to be able to accomplish what they want. Focus on social and legal avenues to protect yourself. If someone's stealing your data for profit, hit them with a lawsuit if that's an option.
However, if you're willing to invest time into it, compiling your app into native code has prevented me from reverse engineering the API requests. I just don't know how, though I've recently been doing some research about it. It's not going to stop someone that does know how, but it makes it MUCH harder for someone random like me to come across your site and just hit F12 and walk away with all your endpoints.