WEB-2484Highly needed captcha for the Mojang API's namechange endpoint
Hello,
I have recently noticed a great chunk of people creating programs to claim specific Minecraft Java Edition names onto their own accounts as soon as the names become available, and how these programs work is essentially by spamming POST web requests to your namechange endpoint (https://api.mojang.com/user/profile/<uuidOfAccount>/name).
The competition created by these numerous existing programs fighting against each other has led to that spam being massive (I would believe thousands of requests), and I fear that is potentially putting unnecessary stress on your network and machines.
To combat this, I would suggest you to add a required Google reCAPTCHA response to the POST body of the name change endpoint, as this would certainly decrease the amount of requests sent to the endpoint considering the developers of the programs would need a valid Google reCAPTCHA response for each request, which would defintely not be simple or affordable for them.
This would of course also require you to add a Google reCAPTCHA form after a user clicks on the "Change name" button on https://my.minecraft.net/profile in order for them to generate a valid response, but as you have done this on numerous other places on the website (when registering an account or signing into an account for example), I do not see this being any big hassle for you.
A user is only able to change their name every thirty days, so I do not really see a downside of this as the user would so rarely have to solve this captcha, and therefore I hope it can be implemented so that the stress caused by these programs can be reduced greatly.
Best regards,
Michael (dummy)
