by titusjohnson 1690 days ago
Publication intent is trivial to verify.

Q) Are you able to retrieve a document using the credentials issued to you by the API? A) Yes: Then you're authorized to view it. No: You're not authorized to view it.

An API is the encoding of business rules around data access and modification. If your API is allowing access that you don't intend a user to have, fix your authorizations.

1 comment

See, I like this argument better because it has nothing to do with being an API or HTML and everything to do with access authorization. It doesn't make sense for the government to have the power to control how the data the parents are authorized to view is displayed, or what tool they use to display it.