We need to log access at the PHP level but can't currently distinguish levels of access at the api level atm. If we only logged at an access level (eg. via JS on the front-end) then someone could bypass our logging by navigating directly to the API url. Since the API returns all information a user has access to for a given IP regardless of whether or not the front-end intends to show it and because we intend to log when people access a limited amount of information vs when they access the full set we should 1. enforce the limitations and 2. track it at the API level.
- API returns a different set of data depending on whether or not the popup or the widget calls it. This should be done via a parameter (probably failing when no value or an unrecognized value is passed along).