Here's one possible issue though - I asked (in another sibling comment) if `ls` could be considered a filesystem API - I strongly believe it is. That means we probably (for sanity's sake) need to differentiate internal vs. external APIs and provide a method for safely allowing this public document method to be well defined.
If a spy is filling out an expense report via secure email after an undercover mission to Norway (trying to figure out if Norway is hording lutefisk, I assume) which ends up resulting in a bombshell report to the public about international lutefisk accessibility then that report is clearly public - but the spy's expense report (including, I'd assume, their identity) is something that should logically be kept secret. There's some press secretary in the middle that takes the raw information and turns it into the scandal we all know it would be.
The data being transmitted over an API is not intended to be directly consumed by the public - there is, instead, an application that exists to take that raw data and transform it into something that is publicly viewable. That application is the corollary for our press secretary here.
I am concerned this might be a bigger rabbit hole than you expect. I totally agree that the town shouldn't flip out and be stupid calling in legal authorities like it currently is - but I think this might be more complex.
Possibly? Or maybe they use a web based expense reporting system like almost everybody in the modern world. I also think it's a pretty open argument whether the definition of what is and isn't an API relies on things being served on the web.
If a spy is filling out an expense report via secure email after an undercover mission to Norway (trying to figure out if Norway is hording lutefisk, I assume) which ends up resulting in a bombshell report to the public about international lutefisk accessibility then that report is clearly public - but the spy's expense report (including, I'd assume, their identity) is something that should logically be kept secret. There's some press secretary in the middle that takes the raw information and turns it into the scandal we all know it would be.
The data being transmitted over an API is not intended to be directly consumed by the public - there is, instead, an application that exists to take that raw data and transform it into something that is publicly viewable. That application is the corollary for our press secretary here.
I am concerned this might be a bigger rabbit hole than you expect. I totally agree that the town shouldn't flip out and be stupid calling in legal authorities like it currently is - but I think this might be more complex.