Hello @alexmoore12,
We are using WordPress core REST API to make the POST request between application and WordPress website.
Also, as we are using JavaScript Web Tokens for the security validation of the requests, requests are handled only after validating the security token and other apps cannot directly access data.
If you have any queries further please feel free to write back here.
Regards.
