The only possible safe way is that the service provider publishes a sane API and the applications using it are provided in source form to be compiled by oneself. Binary distribution can be allowed if the sources are available and mechanism for reproducible build verification exists.