I'm of the opinion that using unofficial clients for any online service should be a legal right (unless those unofficial clients cause harm to the respective service, but existing laws/regulations around that would already cover such cases). That doesn't mean the service has to specifically support the unofficial client, but they just can't intentionally block it (or forbid its use).
I am pretty certain that I can prove any client as harmful. I have been on the receiving end of apps misbehaving plenty of times, no matter which platform (JS, iOS, Android). And these were official apps with dedicated development teams.
Endless loops which flood you with API calls are a common issue, managing state is hard. Rate-limiting does not completely solve this.
Plus you can land in a situation where a user might associate bad experiences with an unofficial client with the actual service and thus leave with a bad impression overall.
This is the same argument AT&T used to forbid third party telephones on their network. It didn’t convince then, and it does not convince now. Tolerating third party clients should just be part of the cost of doing business and part of the design of robust protocols.
Doesn't your API have a problem if it can be misused that way? In other words, shouldn't your backend by default distrust the client using its API, no matter whether it's the official one or anything else? Even the official client can have bugs that bring down your backend.
