High frequency state-change propagation don't scale well on APIs. In such setups, one ends up paying for the connection setup/tear-down, and handling clients concurrency gets expensive.
Usually, a per-user access token with a 5 download limit per day is good enough, and can be scripted into peoples blacklist generation cycle.
Keep in mind, some ban-lists take awhile to compile and remove redundant subnets etc. It is important to hit the proxy/tor exit nodes first, than the usual country codes for nuisance traffic from users.
This is what people often do with abandoned forum traffic, or hammered VoIP routers. =3