The API allows, among other things, to retrieve information from conversations. If confidential data is stored in the conversations, it could be a serious cybersecurity issue (Password). API calls should be authenticated and, in my opinion, API calls should be restricted to only certain public IPs. As with the portal login, which has this option. We could even rely on the same IPs that are allowed to authenticate to the portal. Authentication + IPs = security