I was wondering if there are any plans to allow admins to limit the scope of API actions that can be performed through a particular API key. I was thinking it might be helpful to be able to create a key that only allows fetching and even possibly limit queries or mutations to a particular space. I think I have seen a discussion on this elsewhere but somehow couldn’t find it.
API keys are basically tied to a user account, so the permissions for the key match the permissions for the user.
If you create a user with read-only permissions for a specific space, then the API key(s) for that user will be limited to read-only operations for that space.