Hacker News new | past | comments | ask | show | jobs | submit login

Does using an unofficial API authenticated with someone else (e.g. a customer)'s account count as a violation of the ToS? In other words: who gets reprimanded/sued? The final user or the messenger?



Someone please correct me (and someone for sure will), but I don't think you can get sued in most places for breaking the terms of service. The only thing (which is hinted in the name) they can effectively do is boot you off the platform.


Don't all of these libraries require you to provide your own credentials?

I do think this violates their ToS anyways though.


I'm sure it would, in some cases at least. I'd be more interested in understanding who gets the blame.


The few things I clicked on are scripts/modules you'd run yourself, so they're not really APIs in the commonly used sense, but website-wrappers that let you use the website as if it was an API. In that case, the user and the messengers are one and the same, the developer of the wrapper isn't involved at all in the transaction.

If it was Unofficial-API-As-A-Service, I'm pretty sure both would be in violation for most services. The user at least for sharing their account credentials, the UAAAS provider likely for some thing in the fine print about only being allowed to use the website for the intended purposes. I doubt either will get sued, the user will get their account cancelled and the provider will get their servers blocked and an angry letter from the lawyers telling them to stop.


Considering that Plaid, which is "please enter your bank username and password so we can validate you are who you say you are" is very common, just assume nobody cares about anything




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: