We have added options to control the availability of TeamDesk REST and SOAP API to improve database security. You can find them in Setup | Integration API page.
Three choices are available for REST API. You can disable API entirely, or enable user/password authorization (this is the default). Third option is more interesting as it limits API access to token authorization method. While default option allows REST API use for everyone having access to the database, the latter allows you to control the use of API precisely. Only users with tokens issued to them can call API methods.
Backup and restore utilities already support token-based authorization. You can use token in place of user name leaving password empty.
Also, you can now enable or disable SOAP API. Being deprecated it is disabled by default for new databases. However it is still enabled in existing databases, as well as their copies.
We recommend you to check the API usage in your database and adjust options as appropriate.