Hi all,

Thanks for your suggestion and votes.
I'm pleased to advise that in version 7.2 we added API Authentication Credentials and API Roles which allow for fine-grained control over precisely which API commands can be run by a particular credential pair.

There is also a UI in the admin area under Setup > Staff Management > API Credentials for management of credentials and API permissions.