Protecting data on API calls

New Member
4 0 0

We have a partner who wants to sell our products on their market place. They have requested an API key but I wanted to be sure that if I create a private app and give them access to our orders, customers etc, what stops them from accessing and traversing our other data i.e. orders that were not generated by them or indeed downloading our customer database?

I'm not particularly worried about this company doing that but want to make sure we don't leave our door wide open so to speak.