You seem annoyed at either possibility here. Which would you prefer?
Because if they let third party scrapers access the private data without user action, it’s not private and they may as well not do this at all.
Right now, one must manually allow scraping and make profiles public, to share their data with a third party. If Valve would let developers use an API, this wouldn’t be necessary.
Now that they’re letting us hide games, the third parties will miss them, while scraping. So this seemed like the right thread to make these comments. Now, a true solution, seems more “necessary,” because of this new scenario.
The obvious solution would be to take some token as an argument to the api calls that is private to the user, which would signify a consent to share also the hidden data.
I think there already is a token like this for steam item trading, in case your profile is private?
I.e if you don’t provide that argument, share only public stuff to the caller. If you do, it’s a explicit choice by you, since you are required to provide your credentials in some form of a token.