The official, online, Joomla documentation provides a general overview of Joomla ACL (below). This page will be continously updated to provide a better foundation for how Joomla's granular access control can be leveraged to create highly secure, discreetly controlled APIs.
https://docs.joomla.org/Access_Control_List
Additional resources are included below (though they are a bit dated now):
Adding Access Control Through Overrides
Joomla ACL - Joomla World Conference 2015 #jwc15 | Download PDF
Access Control List Joomla 3.x
Access Control List Joomla 2.5 (Legacy)