Great article Rob. You get right to the nub of what APIs are about – everyone has a different problem to solve, depending on what stack you’re attempting to expose, and APIs help you do that. I’d argue you probably need a chuck key, drill bits and some sockets for your screwdriver as well 😉
Given the way both regulation and technology are moving in personal data ownership I think the protocol won’t store data, but give secure delegated access to it over the distributed web. Personal data ideally belongs in personal data stores, with the customer as the custodian AND the steward of their own data.