HTML is very easy to parse and interpret.
That is actually
not true 
But you have a point. It is possible for bots to act even without APIs. I believe that the only way to prevent bot abuse would be to introduce some fees/time interval for cancelling orders or something like that. If that is a good idea or not, I don't know. Aren't forex/stock markets full of bots too?
Yeah, if you are new to regex, you shouldn't be trying to parse
general HTML with it, but you can generally get away with parsing
specific HTML from a given site. Or, you know, use any of the many tools that will parse HTML for you and give you a nested object with all of the elements, tags and attributes.
If your opponent is actively trying to deny you, you might need to also parse javascript, or even write a javascript simulator. You might also need to break CAPTCHAs, which isn't hard, because if they get too difficult, they start acting in reverse, where getting it wrong suggests a higher probability that the user is human and getting it right suggests a computer.
Doing it with time or fees actually backfires, because it just means that the spread will be wider and the market less liquid.
I have no objection to fees to account for the load on the servers, or to gently discourage certain practices that lead to excessive loads. But in general, the people that are against bots are either fighting the wrong thing (they think the depths charts are meaningful), or they are pushing for the wrong solution (they couldn't log in because some server was over loaded).
