How is internal data protected by the API? Do you have to supply username and password, or is it handled by some secret token? Or does the wiki have to be open?
The Ask API is an extension to MediaWiki's API so restrictions an behavior should match in this respect. Probably mws:API:Restricting_API_usage and API:Login should be relevant. I am not an API expert though.
