To second @PaoloCampanelli’s comment - now that you have proposed RFC-97 REST APIs in Forge, you will have to make a decision regarding RoA and configurable egress.
There is effectively no difference between the two in terms of control and visibility - an app can egress arbitrary data through either mechanism, and in both cases, it’s the product user who approves the egress and configures authentication between the app and the external system. Whether the egress is initiated internally or externally is an irrelevant detail.