It would be nice to create API keys with limited scopes. E.g., this key has read-only scope. And/or this key has access to only these workflows.