With the new GOG Galaxy will GOG have an official API that third parties can use? Perhaps using OAuth2 for authentication (e.g. user logs into a website via their browser and is given a short code to copy into the client to authenticate)?

I think it would help to emphasise the DRM free nature of the platform if others are allowed to join the party. And this community can be quite creative when given the tools so who knows what they might come up with!

It sounds like you expect the Galaxy client to run non-GOG games, is this correct? Like you can add any game to Steam and launch it through there even though it wasn't bought there?

No that's not what I mean at all. I mean like say Bob wants to make his very own GOG client. I think it would be great if he could do that using officially supported APIs.

Or say Bob wants to make a GOG search engine? If GOG Galaxy supports searching GOG.com then he should be able to use the same APIs in his own web app.

Or maybe Bob wants to create an app that uploads your profile to the Wiki. Rather than scraping the website, it'd be cool if they could just use the API.

There's probably loads more uses that I haven't even thought of.

Hmm, I never thought of anything like that. While it sure would be cool to have access to GOG data, I'm not sure GOG would be interested in making it available. After all, it could potentially create a metric fuckton of traffic on their servers that didn't really benefit them in any way.

Well presumably their client will have access to this data so it'd already be available because they can't really stop people from hacking together an application that uses unofficial APIs (see the linux downloader). Also people already scrap the HTML from GOG.com, which causes more traffic then a simple API would.

They could help stop unintentional abuse by requiring third party clients to have an API key. If the client using that key looks to be abusing the service then that key can be revoked (or throttled) with an email sent to the author to explain the problem.

Yes, but the thing about HTML scraping is that it's not done in real-time. The MaGOG search engine for instance scrapes the catalog once a day and caches the data, then all searches in the engine are done in the cached data. That's what, 700 page views in a day? Not a lot, anyway. However, had the search engine been made with a GOG API, it would call the GOG servers every time it was used. Less data would be transferred per call of course, but there would be a lot more calls.

And that's just the game catalog. Imagine the server load a forum search API could make.

Why couldn't it cache results? It still could. In fact if that is a major concern, GOG could provide an api that delivers all results in one single request which could be cached for, say. 6 hours by MaGog's servers.

Look, if someone wants to be abusive towards GOG's services they can be whether or not GOG.com has an official API. An API just provides away for responsible people to interact with GOG's services while having a known limit (e.g. just about every API on the planet says something like "you may make X requests within Y time with responses being no larger than Z").

Well, I suppose you're right. I just think that if people are forced to resort to HTML scraping, less people will put pressure on the GOG servers than if an official API was avaiable. Still, interesting things could indeed be made with an API, so there's that.

Civilized discussion: You can't beat it :-D