
I agree. Our public APIs are also massively queried. The number of queries is out of proportion to the legitimate traffic. Rate-limiting does not work, because of the volume of different IPs they send against you in parallel. Our servers are not designed for such peaks. What other choice do we have but to block them?


Did you consider API keys? Via email? That’s at least a natural throttle.


It's a public price API. There is no authentication required to list prices.


Host a static JSON file?


Preferably on a provider with no egress fees.


Could you explain why that API is meant to be public and what benefits it brings to human users? What kind of data does it return?


In addition to blocking/throttling, I have my services provide bad data to the abusing clients.


As in "valid" but false data? Please don't. If you really don't want to indicate rate limiting explicitly, then perhaps return an invalid body, or reset the connection or similar. False positives detecting humans as bots are very common, and even rate limits are often set well within human interaction limits. E.g. more than once I've triggered 429s by opening several e-commerce product pages in new tabs for me to ctrl+tab through and filter down. I also tripped a LinkedIn anti-automation system since I was looking through quite a lot of profiles on my first day to add people - luckily they handled this well, with a clear message explaining what was going on and support reaching out to me proactively (and lifting the restriction after a few hours).
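
As an added illustration (not from anyone in this thread) of the two points above, that a person opening several tabs is a short burst while a crawler is a sustained rate, and that an explicit 429 with Retry-After tells the client what happened rather than feeding it bad data: a token-bucket limiter in Python. The class names, the client key, and the numbers (a burst of 20, then 2 requests per second) are assumptions chosen for the example.

```python
import math

class TokenBucket:
    """One client's bucket: `capacity` absorbs a short burst (a person opening
    several tabs), `rate` caps the sustained requests per second."""
    def __init__(self, capacity: float, rate: float):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.updated = capacity, 0.0

    def take(self, now: float) -> tuple[bool, int]:
        # refill for the elapsed time, never above capacity
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True, 0
        # whole seconds until one token is back, for the Retry-After header
        return False, math.ceil((1 - self.tokens) / self.rate)

class Limiter:
    """Buckets keyed by whatever identifies a client (an IP, a /24, an API key)."""
    def __init__(self, capacity: float = 20, rate: float = 2.0):
        self.capacity, self.rate = capacity, rate
        self.buckets: dict[str, TokenBucket] = {}

    def handle(self, client: str, now: float) -> tuple[int, dict, str]:
        bucket = self.buckets.setdefault(client, TokenBucket(self.capacity, self.rate))
        ok, wait = bucket.take(now)
        if ok:
            return 200, {}, '{"price": 42}'  # constructed sample body
        # explicit refusal: the caller learns it was limited and when to retry
        return 429, {"Retry-After": str(wait)}, '{"error": "rate limited"}'

def simulate(n_requests: int, within_seconds: float, capacity=20, rate=2.0) -> tuple[int, int]:
    """Send n evenly spaced requests from one constructed client; return (served, limited)."""
    lim = Limiter(capacity, rate)
    statuses = [lim.handle("client-A", i * within_seconds / n_requests)[0]
                for i in range(n_requests)]
    return statuses.count(200), statuses.count(429)

if __name__ == "__main__":
    print("8 tabs in half a second:", simulate(8, 0.5))  # (8, 0): burst absorbed
    print("160 requests in 10 s:", simulate(160, 10))    # (39, 121): sustained rate capped
```

Per-IP keys are exactly what the distributed crawl in the first comment defeats, so the key is a parameter; the same bucket logic works unchanged over a /24, an API key, or any other client identifier.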


If I block and throttle you already then yes, I reserve the right to break your downstream service by feeding you bad data.



