On the general level this request is generated, it perfectly reduced to the following:
But I was thinking of a plan
To dye one's whiskers green,
And always use so large a fan
That it could not be seen.
The idea to "change name" makes no sense at all. At best, this is what's called
Security through obscurity.
As to "a very difficult task", sorry, this is nonsense: Visual Studio changes names on whole solution in no time through its refactoring engine. However, if you have to support already deployed client units, you have to support old name. Then change of the name (not introduction of new name) is not "a difficult task", it's just not a solution. But this is not a solution anyway.
All you need is to follow some simple logic: if you want to trust one client some data, you provide it. I have no idea why you consider your service "hacked". If some downloaded a lot of your data, this is what it is; it happens because you allow to do so. I cannot see any signs of "hacking", unless you provide some convincing evidence.
What to do? The answer is pretty simple: it's fully defined by the required functionality of your service. You have to expose what is needed for this functionality, and nothing else. All talking of "security" is simply irrelevant.
A separate decision is: you either use user authentication or not. If you do, the users having access to the system have to register; other users have no access to anything sensitive.
—SA