@Xaekai
I’ll point out that you need to make your code allow for HTML responses at any time. When the site is put into anti-DDoS protection, you will always get HTML back from API.
I’d suggest checking the server’s response headers for the content type and accounting for such issues with a graceful timeout/failure mode.