Companies either want to be earning money from an API, or they want to keep it secret.
An internal API which people reverse engineer and use is just going to lead to hassles later when you want to change the API, when people start writing bots or abuse the API in ways you hadn't imagined, or expose bugs in the API the official client didn't.
An internal API which people reverse engineer and use is just going to lead to hassles later when you want to change the API, when people start writing bots or abuse the API in ways you hadn't imagined, or expose bugs in the API the official client didn't.