I agree with an API user being just an API user and not being able to access through CRM login.
I might even go for a discounted API user to avoid the "abuse part". I would rather pay a lower amount for an API user than pay the full amount - if free is not an option. Also, I'm hoping we can control API permissions, as most of these are being shared with a 3rd party company.
API user should also not follow any password rules such as password changing every 90 days. Right now it's all or nothing.
Truncating only works if there is no other data in the tables you want to keep. It is possible to delete data for a single user, but trying to delete one user's data from a 40GB table has been an issue for me. I'd have to limit the queries and continually run them over and over. We did build a schedule that deletes records older than a certain date. I suppose we could build a scheduler that deletes the data for a specific user.