On a protocol level it is, isn’t it? It’s a public API, no questions asked. As there is no concept of a users identity / authentication. Of course a mint can choose to block certain IPs, user agents etc.