Take a look at this link
You can use useradmin to control user access. You can probably create an account with certain capabilities and fine tune it to your use.
I have to laugh at NetApp. they make creating a read only account mission impossible. If anyone disagrees, please provide your complete commands to do this.
A sixth capability, filerview-readonly, is unused and ignored. - what does this mean? can this used or not?
See this for more info on that capability
I dont think it's impossible, it's just a matter of knowing what capabilities you need to give granularity to a role.
I think you need to determine what you need from this account and what are you trying to do exactly.
What does your API script do?