Parts of it is designer really well.
The problem is that you can easily flood the the API with to many queries. It could be rate limited behind the scene. But from what i can see it’s not.
Format that comes out of the servers for the wifi version is easy to parse and present in a neat way. And commands send to it is quite ok too.
The exchange by knowing the anovas id and use the right key could be a bit better designed tho. (The parts i have seen anyway)
If the API server is secured and rate limited i see no reason why to keep the API to register the device and have 3rd party apps.
And some of what i have seen could easily be made better. Such as the exchange of the secret key. If the key was more visible you could pair the anova with two phones (that is not possible as it is now) And it would only require the “owner phone” to disclose it with a simple setting.