Thanks @Firefishy, read only is ok of course. I wonder, if it would make sense to tie the API key to a different user.
I do have one user for an automated edit in OSM and could easily create another one that’s just used for the API here.
That should be ok?