A: > Can i use it to build a public api?
Yes

> Can I add user rights and limits for the api?
Yes, there is Access Control, you can limit what users can access the API, based on being logged-in or not, roles, capabilities, and IP.

Limits, you mean how many times can the user access the endpoint (say, every month)? That's not baked in, but you could add that logic via PHP, adding user meta to count how many times the user accessed the service, and allow access or not from there

> Can the slug be changed?
Yes. You can expose /graphql or renamed it to anything, like /my-graphql. There are also custom endpoints, you can create as many as you want, such as /graphql/my-endpoint-1 and /graphql/my-endpoint-2