I think it is wrong to base a POS on sale module. They have different target and goals.
I do not see why it should use an app key. Usually a POS is an single application in kiosk-mode, where user authentication with login/password (usually only numbers from numpad).
Also if a new key is created at each opening, it will be painful to validate it.
It was explained many times that it is wrong to use sale Model for POS.
Indeed the first thing to do before creating an external API, is to create a correct backend. You could find this WIP which contains the starting point for modeling.
Once there is a valid model, we can start talking about the UI features like offline, modularity etc.