Ethics of consuming a non public API

My mom is a teacher and she is going to be using an app to track her students’ behavior. Every several weeks she needs to be able to write a report about their behavior for the school system. The analytics that this app provides are next to nothing so I would like to help her out so that she doesn’t have to sit around and crunch numbers for these periodic reports.

This company doesn’t have a public API but I’ve been able to look at the network requests and figure it out the API they are using for their frontend JavaScript app. Is it unethical and/or frowned upon to reverse engineer a non-public API via the dev tools and use the data for myself? I sent the company an email, but I wanted to get the opinions of the smart people here before I hacked away!



  1. you’re only accessing data that your Mom’s account has access to
  2. and you’re not hammering the server in such a way that you’re burdening it significantly more than your Mom’s regular use would hit it
  3. and the site’s TOS doesn’t have terms that explicitly prohibit you

… then I think you’re fine. Sending them an email was probably a smart move in any event.

1 Like