Uehreka 7 days ago

This will not end well.

If someone with millions or billions of dollars doesn’t have an official API after operating for years, that’s because they don’t want to have one. You may receive a Cease and Desist letter, or they might block your IPs, or just scramble their markup in ways that are hard to figure out. Whatever their approach, they likely have more money and manpower to throw at stopping you than you have to evade them, especially if you’re doing this to multiple large and powerful companies.

smashah 7 days ago

This is legal. See Teller API. Venmo will most likely lose if they take these devs to court based on precedent.

I don't like this trend of small-time OSS devs being berated about legal bullying from megacorps, meanwhile handsomely VC-funded businesses get congratulated with legal help. We should be berating these companies for not releasing the APIs that people want to use!

We're in an age of AI, built atop agents, agents built atop APIs. APIs were the promise of Web 2.0, a promise being ripped away from us more and more by the day by these megacorps.

There should be SPECIFIC legal funds/OSS unions protecting these Adversarial Interoperability projects and their maintainers from legal threat harassment by megacorps.

Just in the last 2 years we've had multiple near/passed-trillion dollar companies sending legal threats to OSS devs who have to fight them off on their own - one of them 15 years old.

Thank you alanalanlu and richardyhz for this project. Godspeed! And screw Venmo if they dare go after these two maintainers and their project!

colesantiago 7 days ago

Unfortunately it's all fun until Integruru or you get a cease and desist.

Will Integruru support you in your legal fight in court?

Most devs aren't ready to lawyer up.

elzbardico 7 days ago

You get a cease and desist letter, you cease and desist doing the stuff if you don't want / can't afford a legal fight.

Then you post the cease and desist letter on your website, and post about it on hacker news.

colesantiago 7 days ago

And everyone using the API will break.

Very risky business.

lojack 7 days ago

The first time I had the plug pulled on a public API a product I worked on used sucked pretty bad. At this point it's happened to me so many times that it's just another line item of business risks that's an inevitability. I've never worked at a company that failed to recover as a result. Then again, I've never worked at a company whose entire business hinged on one single API.

The likelihood of things breaking or behaving in unexpected ways is a data point I think about when assessing risk irrespective of whether an API is public or not. In some industries even the public APIs are more risky than using the unofficial Venmo API likely is.

melody_calling 7 days ago

I'd be surprised if this was even noticed at all.

It's a third-party client making authentication and data collection requests, just like the hundreds of other credential stuffing toolkits (OpenBullet et al.) that are smashing the Venmo platform 24/7.

The most likely outcome for anyone using this is their account becoming restricted for unusual access patterns by the existing models already in place.

solardev 7 days ago

I'd also be a bit worried about using something like this in production, especially if it's packaged as an npm lib. Even if the original maintainer has good intentions, it'd be all too easy for some malicious actor to offer them a million dollars to introduce a trojan/credential MITM scraper to later versions.