You control the API security and who can access your API.
Each connecting application is given their own unique application key. Create unique functions for each connecting application, setup roles and security for each connecting application. You control what data each application has access to within your system. Define a list of sites and control which applications have access to each specific site in your district.