Deny order created via api when sales channel is restricted

When creating a sales channel restriction, such as approved=“true”, it does not seem to make any diference when the order is placed by API:

https://developers.vtex.com/docs/api-reference/checkout-api#put-/api/checkout/pub/orders

So what is the point to make a sales channel restriction, require users do log in an authenticate in the store front if anyone, via api, is able to place and order at that very sales channel with no restriction?

Is there any way to restrict order placed, in a specific sales channel, when placed by api? (or even in the checkout itself, because users can use add to cart links and create a checkout order in a restricted sales channel either)

No ideas?