This is a tricky area. Do we legally protect access to unpublished APIs or only published, supported APIs? If there is no API, should we legally require an API? Should the API support 100% of the services operations or may it only support some subset? What if the API is unprofitable, can the business reduce the set of operations supported or remove it entirely? Can they even release a new version of the API and retire an older version?
What, exactly, are you asking for when you say that "accessing APIs from 3rd party clients ... should be legally protected"?
I think a good starting point would be something like a digital right to roam.
So you should not be able to enforce contractual terms, ask app stores or platforms to block, or use technical measures to frustrate access to an API.
If you expose it to the public internet you should be required to ambivalent about which software an otherwise valid use uses to connect to it.
I think there’s also a reasonable argument for some core protocols and services to be treats and regulated as a hybrid between public and private, kind of like the banking system.
What, exactly, are you asking for when you say that "accessing APIs from 3rd party clients ... should be legally protected"?