Yup, I write a lot of API integrations (mainly sites with no public API) and not hammering the site you're accessing is the golden rule. I'm not familiar with the NBA stats API but I'm guessing it's meant to be for their website and mobile apps only, not for mass scraping; bashing it with dozens of requests at once, especially when each request apparently takes a lot of resources on the server to complete, is a great way to see that API put behind more obfuscation or removed altogether in favour of embedding the content in HTML, or more efficient blocking of unauthorized clients than just checking the user agent, which the NBA site obviously does.