We’d like the ability to generate API keys that are read-only, so they can only be used for GET requests and cannot make any changes in Assembled.

Right now, API keys have full read/write access, so we have to manually train internal users and note “ONLY USE GET. DO NOT POST OR PUT” in our documentation. This isn’t foolproof; a single mistake could accidentally change or overwrite data.

Read-only keys would let us safely share API credentials with a wider group of people (e.g., analysts, reporting automations, external vendors) without the risk of unintended edits. This would make it easier for us to build internal dashboards, schedule automated reports, and experiment with API integrations while protecting the integrity of our data.