It would be awesome if I could create API keys that don’t require a full-blown admin user. That would minimize the blast radius if an api credential ever gets out of my server. Ideally, there would be a scope for every aspect of the api, but I think it would already help me much if I could limit a key to a certain domain.
I could send a PR if interested.
I’m currently building an application which lets members manage their personal data (incl. email addresses) and would like to automatically create aliases for these email addresses.