No Rate Limiting on Private URL
In the past, minecraft.net allowed the user to verify if an account name existed while they were on the path to purchase a new account. This page called an API route I'd never seen before, and it responded... pretty fast! Great.
On every keystroke, this route was called. For example, to validate my name (DeJayDev):
https://api.mojang.com/user/profile/agent/minecraft/name/D
https://api.mojang.com/user/profile/agent/minecraft/name/De
https://api.mojang.com/user/profile/agent/minecraft/name/DeJ
https://api.mojang.com/user/profile/agent/minecraft/name/DeJa
https://api.mojang.com/user/profile/agent/minecraft/name/DeJay
https://api.mojang.com/user/profile/agent/minecraft/name/DeJayD
https://api.mojang.com/user/profile/agent/minecraft/name/DeJayDe
https://api.mojang.com/user/profile/agent/minecraft/name/DeJayDev
You can call this route as fast as you'd like to get a user's username and UUID. No rate limit is imposed. Given that the registration page that used to call this route is no longer in use, this route should be disabled. If it is still in use somewhere, I recommend implementing the standard rate limit used by other api.mojang.com paths and https://api.minecraftservices.com/minecraft/profile/name/DeJayDev/available
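One way the recommended limit could look on this route, as an added example that is not part of the original report or Mojang's code: a per-client sliding-window limiter that lets the per-keystroke lookups shown above through and answers a scripted burst with 429. The limit, window, client key (source IP) and username pattern are assumptions.

```python
import re
from collections import defaultdict, deque

# Route from the report; the limit values below are assumptions, not Mojang's real policy.
NAME_ROUTE = re.compile(r"^/user/profile/agent/minecraft/name/([A-Za-z0-9_]{1,16})$")
LIMIT = 20       # assumed: max lookups per client per window
WINDOW = 10.0    # assumed: window length in seconds


class SlidingWindowLimiter:
    """Per-client sliding-window limiter for the name-lookup route."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # client id -> timestamps of allowed requests

    def check(self, client, path, now):
        """Return the HTTP status a gateway would send for this request."""
        if not NAME_ROUTE.match(path):
            return 404                  # not the route this limiter guards
        q = self.hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()                 # drop hits that have left the window
        if len(q) >= self.limit:
            return 429                  # over budget: reject before any lookup
        q.append(now)
        return 200


def replay(limiter, client, names, interval, start=0.0):
    """Replay constructed lookups spaced `interval` seconds apart; count statuses."""
    counts = defaultdict(int)
    for i, name in enumerate(names):
        path = "/user/profile/agent/minecraft/name/" + name
        counts[limiter.check(client, path, start + i * interval)] += 1
    return dict(counts)


# Constructed traffic: the keystroke sequence from the report, and a scripted burst.
TYPING = ["DeJayDev"[:n] for n in range(1, 9)]
BURST = ["user%04d" % n for n in range(1000)]

if __name__ == "__main__":
    limiter = SlidingWindowLimiter()
    print("typing:", replay(limiter, "203.0.113.5", TYPING, interval=0.2))
    print("burst: ", replay(limiter, "203.0.113.9", BURST, interval=0.001))
```

Keying on source IP alone is the weakest part of this sketch; a deployment would normally combine it with whatever client identity the API already has.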