I don't think there's a legal basis for preventing someone from reverse engineering an API in general.
The "non-circumvention" clause in the DMCA is often used to go after people reverse engineering DRM, but I fail to see how it would be applicable in this case.
The "non-circumvention" clause in the DMCA is often used to go after people reverse engineering DRM, but I fail to see how it would be applicable in this case.