> If that's all so, could the PoGo devs simply enforce some type of device authentication to 'shut down' these APIs, or otherwise take different steps to make unofficial APIs less compatible/more difficult/effectively impossible?
That's impossible. If you try this you'll either have a bunch of false positives or even more likely a patched api around 12 hours later. Never underestimate the dedication of botters. There are multiple headless WoW Apis around for 10 years now and Blizzard isn't able to close them out.
Agreed. Googling 'pokemon go lvl20' shows a bunch of accounts for sale already, if people are buying them the motivation to keep botting will be there.
The best way to handle this is with account-specific API keys. Even that would just mean creating an account, and the only real benefit to that is that you could track the API key, and if it did "bot-like" things, ban it. That's not really a fix, just a barrier for entry, preventing poorly thought out bots from working.
I'm pretty sure this already exists. These APIs have been in development for a couple of weeks now and as far as I can tell (from watching the /r/pokemongodev subreddit) there haven't been any bans. Niantic, at present, don't appear to have any automated system attempting to catch bot-like behavior.
That's impossible. If you try this you'll either have a bunch of false positives or even more likely a patched api around 12 hours later. Never underestimate the dedication of botters. There are multiple headless WoW Apis around for 10 years now and Blizzard isn't able to close them out.