At the moment you ca set API access limitation on a database level. The limitation you configure applies to all users on that database. To enforce company security policy it would be great to have the same API limitation on the user level so that you can configure which user can use which API.