"The Synacess Cloud API...... uses standard HTTP response codes, authentication, and verbs."
You have us include our cloud access user/pass on all the PDUs that are to be part of the team. This statement from the main page would seem to indicate that that information is sent in the API in clear-text.
If I understand this all correctly, may I recommend that you offer, first, a way to use a set of credentials different than those used to sign into the cloud site itself for management, perhaps with a account restricted to API usage only. And second, that these communications are moved to (or can be moved to) HTTPS before you go to a release version?