I'm not sure why he's making such a big thing about the API help documentation, It's fairly standard practice to make that info publicly available. Maybe he doesn't have much experience of working with APIs?
That doesn't in any way excuse the lack of OAuth, or the inclusion of the customerID in the URL though, they should be roasted for that...
Biting the hand that feeds IT
