Scope API keys
Hello,
I'd like to suggest adding the ability to restrict API key permissions.
Currently, API keys are granted full access (I noticed the backend already returns "abilities": ["*"]). Being able to scope a key; for example making it read-only, or limiting it to specific folders, would give users much more flexibility in how they integrate with the API, and significantly improve security by following the principle of least privilege.
Since the abilities field already seems to exist in your backend, is scoped/granular permission support something you're planning to expose?
Thanks!