I think smaller companies tend to have the most open protocols (to the point that it almost becomes a security risk) because they don't have resources to work on unnecessary obfuscation. The protocols might not be documented anywhere but if a website is able to access a backend endpoint then someone else will be able to access that endpoint too.

Nothing in the parent comment says anything about requiring good documentation or 100% backwards compatibility.