Creating a separate user with ‘read-only’ permissions to access the API works, but that user needs an API_KEY, a key which is potentially exposed to our read-only ‘guest’.
Although our ‘API user’ might have read-only access to the database being shar...