I assume it is a bit difficult though, since the encryption is performed in the browser. Thus API clients had to perform the exact same crypto to use this service.