There was a similar thread a couple of months ago:

http://community.infusionsoft.com/component/option,com_fireboard/Itemid,451/func,view/id,2402/catid,14/#2402

Our approach with the API has definitely been one of caution. While opening up the API is certainly not difficult, it does pose some pretty big management issues. And we're not concerned as much with malicious users, but rather the ignorant ones who put a huge strain on the system without knowing they do.

A confirmation email sent immediately through the API is no problem whatsoever. But how do we distinguish that from someone who purchased a list of 1,000,000 and decides to send immediate emails to each one through the API?

To further complicate the situation, our system handles emails from many different contexts with different levels of deliverability. For example, a confirmation email from a webform will go with a very high deliverability, because we know someone filled out a webform. Batch emails, on the other hand, are sent more cautiously - inspecting the opt-in/out of each recipient and then using the lowest common denominator.

It would be extremely difficult for us to provide a "transactional" email deliverability through the API when we have no way of verifying the address or the source.

Really, I think it all comes down to our level of trust in our integration partners. Right now we have one level of trust. And because we only have one level - we work with the lowest common denominator, assuming that our integration partners will stress our system, either through ignorance or malice.

It's becoming clear that this one-size-fits-all approach is making it difficult for our trusted partners to create workable solutions. I'll send a link to this page to our VP of Product and our VP of Development to start the dialogue.