For agent/browser automation, getting blocked is only one part of the problem. The other hard part is knowing whether the page you got back is the real page, a degraded version, or some silent challenge page.
This is especially interesting for API products. The tricky part is not just where user data lives, but where logs, traces, backups, and billing metadata live too.
OAuth is great when you actually need user delegation. For simple server-to-server API access, scoped keys with rotation, audit logs, and fast revocation are often a much better developer experience.