the web application URLs should be cache-happy w/ highly tuned, specific data access (SQL, etc.) for the important UIs
The JSON API should be flexible & open (GraphQL) but w/ rate-limiting, etc
infoq.com/articles/no-mo…
This is different than your data API
you simply can't do that with a general, public data API