SpotAPI Vault fingerprints you by IP, User-Agent, and X-Request-ID. All three are user-controlled. Rotate all headers to bypass rate limiting and brute force the vault PIN.
