“No need to secure the API anyway, since there is no Human-Computer interaction.”