You cannot run odata on a different port; instead for security you can assign application roles that have access to odata resources. You can also specify per entity who gets to see what data.
Not that I know, but you can restrict access (for the specific request handler /odata/) to the app in the cloud node Network settings
@savan Only if you run a second MX application instance that runs at the other port, and still this only works in an environment you built up yourself it is not possible to do this in the general MX cloud.
The OData service is just part of the MX runtime and that all runs on the same port.