This is almost certainly an instance of Unauthorized Use under the CFAA and therefore criminal in the USA and any jurisdictions with similarly broad anti-hacking laws.
If those are APIs consumed by public sites, then they are APIs the public is authorized to use by way of those sites, and Van Buren v. United States says that if you are authorized to access a system, accessing it a different “manner or circumstances” is not “unauthorized” as that term is used in the CFAA.
