> If companies are concerned about non-human access they should make an official API instead of their website being a de-facto unofficial API
This is often impractical for several important use cases, like image rendering and PDF generation. Just hand waving away the cost of developing dedicated, pure APIs won't make companies more likely to do so.
> If they are concerned about fraud they will be woefully defended by CAPTCHA, it makes no judgement on the validity of transactions at all and doesn't prevent frauds signing in manually.
There are many different vectors of attack and fraud and CAPTCHA tackles one of them. It's silly to say it's unnecessary just because it doesn't cover all fraudulent activity
This is often impractical for several important use cases, like image rendering and PDF generation. Just hand waving away the cost of developing dedicated, pure APIs won't make companies more likely to do so.
> If they are concerned about fraud they will be woefully defended by CAPTCHA, it makes no judgement on the validity of transactions at all and doesn't prevent frauds signing in manually.
There are many different vectors of attack and fraud and CAPTCHA tackles one of them. It's silly to say it's unnecessary just because it doesn't cover all fraudulent activity