Their "API" isn't what's being accessed here. As far as I understand it's using their subscription account oauth token in some third party app that's the issue here.

If they allowed oauth token to work like that then that is their (Google's) problem.

It is basically impossible to disallow the token to work that way on a technical level. It would be akin to trying to trying to set up a card scanner that can deny a valid card depending on who is holding it. The only way to prevent it from working is analyzing usage patterns/details/etc in some form or fashion. Similar to stationing a guard as a second check on people whose cards scan as valid.

Exactly, so charge on usage or cap on usage.

Either the token works for all times, or works until it doesn't, or does not work at all.

Punishing the account for using a token you have vended for the exact same purpose is extremely poor product design.

So it sounds like the trillion dollar corporation can actually do it but they don't want to spend the money too because they are extremely cheap?

Well, it looks like they're not allowing it.

Google have always done this if they suspect you’ve broken TOS, if anything this is better than usual because usually you lose your Gmail and YouTube accounts too with no human to talk to about it.

I was using Antigravity the proper way, but why would I risk my account using this subpar software? OpenClaw and Opencode literally obfuscate the API call exactly like Antigravity calls it. Do you really trust Google to only catch misuse using this dragnet?