In higher education, we work with a lot of sensitive information. Even data that's not federally protected might need to be kept private only to members of a specific faculty group, research center or set of course coordinators. The built-in content security within WordPress—limited to sharing passwords or creating user accounts for the site—is both cumbersome and doesn't always provide as much security as clients seek. But, with the release of the WordPress REST API, we have another option.
The same installation of a WordPress site can be used by content managers to prepare—and present—public and private information while non-WordPress authentication measures can be used to limit access to the latter, perhaps even from another domain! Furthermore, private content can share the same space with other web applications which may not rely on WordPress as a development framework. This provides us the maximum flexibility to help clients coordinate within their organizations, and it helps keep us out of the business of either manually updating private information on members-only sites or having to maintain multiple WordPress sites separately from each other.