In some case we need to control the API access to protect our privacy.

Lets say you build app for form lead generator with expired date. Once the date is expired, the form must disabled from frontend and backend. From frontend can be use javascript or jquery and from Backend (the API should disabled). If you do it only from frontend, somebody will try to trigger the API.

Thats it for control the API access

Cheers