Right now, when you give API access to a user, the user has no restrictions on the API usage. This poses a problem when using the power of API from scripts, using a technical Zabbix user account.
For example, I could run a batch job via cron, that runs only if there is no maintenance scheduled - the check for maintenance can be easily implemented with an API call.
This becomes difficult when you cannot give the user readonly API access, that would allow him only to ask for information, but not to change anything.
What I would like to see in Zabbix is a "Restricted API access" permission that I could give to such user account.