How can Twitter and other platforms prevent third party clients from using their API?
A while ago Twitter made changes to their API that prevents the use of third party clients. Reddit apparent did something simmilar. How is that possible on a technical level?
The way I understand it, if you open the official twitter app or visit the official twitter website it makes a API call to retrieve the content it then displays. Couldn't third party applications just do the exact same thing? Twitter could prevent websites from doing that by not allowing CORS, but apps could just ignore the CORS header. If a third party application made those API calls from a central server it would be easy to identify by the number of requests and could be banned / rate limited, but a app could just make the API calls directly from a users device to prevent that.
Even if everything else is impossible, couldn't a third party client just internally run a browser, visit the official website, and extract the content from there?
