Jury's still out whether they refuse to do that.

Currently it's just that they can't immediately implement those checks. They'd need some biometric check on API calls and some magical way to prevent the authenticated persons from reselling the service to unauthorized people.