What is a "private" API?
One of the comments I keep seeing in the YouTube issue concerning Microsoft vs Google is the notion of Microsoft using private APIs? What exactly is a "private" API? Especially in the context a web service, such as YouTube.
Regular APIs calls that exist locally on you machine and can not be validated from a central place (i.e. a server). Normal "private" API are usually hacks to get things to work, and the authors of those API don't want you to use them because they may change later and are potential dangerous if used incorrectly.
Web based APIs are completely different, here is my understanding of how a web API works, please correct me if I am wrong.
Each app that wants to access a web service has a unique id.
Every time an app wants to access that service it sends a request with its unique id and the service returns a response. If the API is truly private the server should know that the app requesting it and not send back a response. This allow the service to track which apps are accessing it and to what extent.
Google basically block Microsoft app, by making all API they were accessing not respond, i.e. private.
What about "spoofing"?
I assume each app id, is encrypted. Asynchronous encryption, the kind that runs entire web, is another complex subject so lets disregard it for now, and if Microsoft was spoofing someone else's app id, there app would still be up and running.
Thanks for reading, I am genuinely curious because I am currently working on adding Facebook integration into an app I am working on, and assume that YouTube access works very similarly.
TLDR? There is no such thing as a private YouTube API.