The API is useful, but powerful.
As it can modify calls (e.g. turning off recording) it would be good to add some security, e.g. some of:
* a token parameter?
* allow/blocklists lists of IPs allowed to access it?
* more granular control of what interfaces/IP were bound to (rather than all/localhost)