The documentation is over here and that will answer most of your questions : http://orubel.github.io/Beapi-API-Framework/

For most of the rest of your answers, I’d suggest reading up on Grails and GORM.

I wouldn’t get hung up on ‘SQL queries’ as they do not provide a level of mapping like ORM.

And unless someone has discovered a way to bypass CORS, OAUTH and JWT tokens, then there is no way to hack it I have seen.