The Overwolf API and You: A Primer

Howling at the moon


Published on November 12, 2021

While browsing the Internet, I noticed that Overwolf had finally made an in-depth announcement about their planned changes to CurseForge’s API and interoperability with third-party software. While I have largely given up on modding Minecraft, aspects of it remain a topic dear to my heart. As such, here’s a quick personal opinion on some of its aspects.

Note that the article is a bit of a ramble - I’m writing it fresh off studying the conversation surrounding the above-mentioned announcement. Apologies for the lower quality.

The Good Things

First and foremost, if you’re just a player using the official CurseForge app, none of this affects you - at least, not directly. The two primary groups who should take notice are:

  • people using third-party software which talks to CurseForge (MultiMC, GDLauncher, etc),
  • developers publishing projects on CurseForge.

The big news is that CurseForge is receiving a proper, authenticated API allowing access to its repository of projects. I see it as a good thing. Many areas of the community were forced to rely on a reverse-engineered, internal API. Having access to something with actual stability guarantees and actual documentation will certainly be helpful.

There are, however, thorns on this rose.

The Option

CurseForge, as a platform, relies on ad revenue from its users. Some percentage of it is used to pay modders back in the form of the rewards program. This is why it had a lot of appeal when it initially launched in the modding scene sometime in the mid-2010s - many developers already relied on services like ad-ridden link shorteners to monetize their work. CurseForge offered much better convienence and better payouts at the same time, so it made sense that the scene adopted it rather quickly.

However, official third-party access poses a problem. It is understandable that Overwolf doesn’t want to be funding a free ride - bandwidth costs, reward payouts - to entities and projects which are not partaking in the advertising system. The answer is simple - if a download doesn’t come from a source which displays ads, it should not be counted towards the rewards. This, then, poses another question: what if a modder would rather not have their mod used in this way? Their proposed solution to that is making availability of one’s mod via the API configurable - a modder may choose to make their mod unavailable, blocking automated access to downloading it outside of the Overwolf-CurseForge ecosystem and ensuring every download can be accounted for.

While I’m not a fan of this, I can understand why it is necessary. The Minecraft modding scene has long been built on the idea of respecting authors’ rights, something I’m absolutely in favor of. Many modders do rely on their income from modding to supplant their other sources of money or even, in rare cases, live off points altogether. In addition, the current status quo - external tools using a reverse-engineered API against the platform’s terms of service - isn’t exactly great. (On the other hand, one could point out commonly used tools like youtube-dl also violate the platforms’ terms of service.)

It’s not the end of the world for tooling, either. The modding scene has faced this problem in the past. To this day, ATLauncher provides a method to request a manual download of a mod they could not legally redistribute from the user - a dialog box pops up, requesting an URL to be opened and the file to be put in the correct directory. The lack of automated download availability has not been a show-stopper for modpack distribution, albeit it brings back a long-forgotten inconvienence compared to the current status quo.

What I really don’t like, however, is a couple of details surrounding this decision.

The Opt-Out

The announcement makes it clear how the option is going to be rolled out:

  • Existing mods are going to be opted in to API accessibility by default, matching the way things worked up until now. However, they will be reminded to check the setting twice - via a global notification, and a popup box displayed once for every affected project.
  • Newly uploaded mods are going to be opted out of API accessibility by default.

Both the reminders and the option itself point out only one drawback to the modder: that opting out may decrease revenue, by virtue of allowing downloads outside of the Overwolf-CurseForge ecosystem. Naturally, they do not mention the drawbacks end users might face when trying to download the modpack through a third-party tool if a mod is not opted in.

This is the crucial part.

By making this feature an opt-out toggle, large modpacks in Minecraft modding are likely to have one or a few mods whose authors choose not to enable it. I can think of at least one very popular mod with a strong bias against non-CurseForge downloads. Downloading such modpacks in third-party tools then becomes much less convienent, as they will end up requiring a few manual downloads in a browser to do so - a limitation not faced by Overwolf’s own CurseForge app.

At the same time, Overwolf themselves can be portrayed as a benevolent party - after all, they made the API available and left the decision of participating in it to the modders themselves, so they’ve done everything right! My worry is that this approach will effectively disincentivize competing software, while leaving all parties free of blame (except when third-party launchers inevitably get issues opened about this). It is important to make it clear, however, that many mod developers will (a) not realize the option is there at all after the initial transition period, (b) only be told about the drawbacks to their revenue stream, not the potential benefits to end users, by the platform itself.

There are a few more things I’d like to point out - for example:

We recommend choosing a license that is compatible with your distribution toggle choice.

Overwolf has information on the licensing terms listed, and they could very well force free/open source licensed mods onto the public API. I do begrudgingly agree with not doing that, though - I fear modders would just start making their mods proprietary in order to protect a revenue stream.

Another blurb I’d like to highlight is as follows:

Scraping or manual downloading and re-hosting are obviously illegal. We encourage authors who found instances of this to issue DMCA takedowns, as well as opening a ticket with us, in the future we will level up our armour and shields against offenders.

I’m not sure how I feel about outright encouraging submitting DMCA takedowns. I’ve been around the modding scene for a while now, and these takedowns have never led to anything good - the worst offenders, reposting sites, tend to just be hosted with jurisdictions and/or providers which ignore them at best. (Though I hear some of the big ones actually pretend to respect them, at least?) In the end, the most successful takedowns are made with projects which wish to stay “honest”…

Now, that’s the big issue. However, there are a few other concerns I have.

The Keys

An area of modding I felt particularly strongly about was encouraging modders to adopt free software philosophy with regards to their mods, that is to release them under “open source” licenses where possible.

Recently, MultiMC was faced with a requirement to include a Microsoft-provided set of credentials for game account authentication. These credentials must be kept confidential (Or do they?) , which de facto prohibits an open-source tool from bundling them as part of their source code release. Similar clauses exist in Overwolf’s Terms of Service:

As a prerequisite to use of the Platform API and/or any SDK, each Developer will be issued a unique API Key (the “API Key”), which is non-transferable and may not be shared with any third party. Developer may not disclose the API Key to any third party, except to such employees who are subject to corresponding confidentiality obligations (the “Authorized Recipients”).

It is reasonable to expect some degree of confidentiality on a key which is meant to be asociated with a specific project, allowing revocation if something goes awry. The question is: How easy will it be to get the necessary keys from Overwolf? Will it be something any user of a FOSS program will be able to easily do, or will the project descriptions be vetted with certain kinds of services in mind? Will I be able to get a key for personal use?

Another minor, related concern is the mention of “rate limits” to be introduced at a later date. The direction of this announcement makes me concerned that this will effectively prohibit certain large-scale kinds of uses of the platform - of course, this could be mitigated by allowing end users to make keys for personal use.

I also wonder if Overwolf will take steps to block ad-blocking plugins and software - they certainly are gearing up to plug the ecosystem’s holes where possible. I was also worried about what the above-mentioned opt-out means for Linux users, but people have told me a Linux client is coming before the API is removed, rumoredly by Q1 2022 - if it actually comes out this time, I guess that will resolve that issue for me.

The Conclusion

What’s going to happen now?

I don’t think anyone is particularly surprised by this. Overwolf has been hinting about wanting to sanction the world of third-party tooling for a while now. Many people I’ve talked to seem to believe that the blame will be shifted onto mod developers for not enabling the toggle, but I don’t think that’ll be the case for long - for 99% of the userbase, adopting the CurseForge app may be inconvienent, but not impossible - particularly if the alternatives become less convienent due to manual download requirements. I do wonder how Overwolf plans to protect itself against people continuing to reverse-engineer their app, though - people have done it once, they could well do it again.

When CurseForge was entering the modding scene in the mid-2010s, some people warned that companies aren’t charities and that they do have a profit motive which may be at odds with the community’s wishes in the long run. However, the modding scene accepted this, as adopting CurseForge gave real and tangible benefits - I’m not going to deny that they exist. It’s been a long time and many people have forgotten that this day had to come eventually.

In short, I think any drama about to come out of this is late, overblown, and - arguably - unnecessary. You can’t eat the cookie and have it too - embracing a for-profit ecosystem’s benefits also means dealing with its drawbacks.

It is also worthwhile to mention that modder payouts have increasted drastically since Overwolf took over - between 3 to 10 times the previous revenue. In the end, this money has to be provided in some manner. Unfortunately for us, it doesn’t grow on trees.

What if you don’t like this, though?

One way for this to be effectively thwarted would be for modpacks to refuse to include mods which haven’t opted into API accessibility. However, as someone who is aware of the history of the way controversial creators’ mods were rarely, if ever, boycotted, not to mention the failure of gaming communities to boycott things in general, I don’t see that as a realistic option myself.

Conversely, one way to make me feel less skeptical about the API opt-out from Overwolf’s side would be to provide no default - requiring the option to be set explicitly one way or the other when making a new project - and to neutrally explain the benefits and drawbacks of each choice.

Remember that this all primarily affects only third-party mod and modpack downloaders. For tools dealing solely with metadata, this change may honestly be pretty great! I’ve talked to many tool developers who were frustrated with the deficiencies of the private API.

… And, I mean, I guess Modrinth exists now.

PS. Note that my thoughts are based on my experiences in the Minecraft modding scene - another popular frontier of Overwolf/CurseForge’s activites is World of Warcraft. To be quite honest, I know nothing about it, so I can’t speak of its developer culture or how it would have influenced these decisions.