> What likely happened here is a remote team was paid to generate docs with a directive like, “Smartcar has a good API,” and stole them directly.
They didn't steal the docs (not only the docs). They stole the whole public facing architecture as evidenced by the fact that they are using in some instances the exact same API resources names and method names.
But we don't know that, do we? They only showed some auth code. The OP does _not_ show that Otonomo has duplicated any business APIs, and Otonomo took their docs down. Unless someone has proof Otonomo copied more than just the examples documented in the OP, this is just pure PR fluff.
Yes, unless the business API was duplicated as well (and as noted above, there is no indication that they were), it just points to someone being lazy in writing up auth documentation.
Duplicated parameter names would be expected in this case, and preferred actually, so that they conform to the OAuth spec :-) The descriptive text is not an exact copy as well. From what we know, the only damning bit is that parameter values were exactly the same as in smartcar's documentation, which while not condonable, is not as egregious as it would be, had Otonomo cloned the business API as well.
I would like to believe that interoperability trumps copyright in this case - a competitor copying an API/protocol and making a compatible, competing service is good for the consumer.
I'm not saying that. I'm saying that if they copied parameter names verbatim, it's very likely that they designed the API with the same public facing approach. Possibly with the goal of attracting Smartcar customers with the premise that they just need to change an endpoint and an api key and it would work out of the box.
And BTW, your first line doesn't add anything to the conversation. Is your argument stronger by saying that "I don't know what I'm talking about"? Check the guidelines: https://news.ycombinator.com/newsguidelines.html - The idea here is to have a civil discussion.
The APIs in the blog post were not invented by Smartcar. Like most HTTP-based APIs, Smartcar's authorization endpoints follow the OAuth 2.0 standard, which specifies the exact parameter names and how they should work: https://tools.ietf.org/html/rfc6749#section-4.2.1
Maybe Otonomo copied more than that, but the blog post only covers the OAuth stuff, so it's incorrect to conclude that Otonomo "stole the whole public facing architecture".
Yea, Otonomo obviously lifted from Smartcar's docs, which is lazy and unclassy, but it's not _that_ big of a deal. I bet most people who implement OAuth end up using an existing company's API docs as a guide; they just usually know better than to copy entire sentences.
The Smartcar blog post is over the top. It makes it seem like their OAuth docs are their value proposition. I really hope it didn't take "months of ideation, engineering, chatting with customers, and iteration" to dream them up.
They didn't steal the docs (not only the docs). They stole the whole public facing architecture as evidenced by the fact that they are using in some instances the exact same API resources names and method names.