The API key that is used to programmatically interact with split, has access to anything the REST Api supports, which is nearly everything an admin user can do on the console. Because of this, we would like to be able to create API keys with limited permissions, perhaps to only specific endpoints.
An example of this: we would like to programmatically add dynamically generated user accounts to segments during automated testing. We do not need that same key, able to delete environments.
Similar to IAM in that actions per resource can be scoped down for minimum required access (though does not need to be as robust I imagine)
Please sign in to leave a comment.