An API token grants either read-only or read-write access. API tokens come in two different variants: permanent or temporary (valid for 1 hour). Also, you can also delete API tokens. Does this meet your requirements?
Finally, we’ll really a new app builder in the next release which is due in two handful of days. This new app builder is likely to the least effort tool to build custom frontend for simple/standard use cases. Stay tuned.