Hi. Is there a way I can lockdown the API key to only allow readonly permissions to an organization?
I’m not exactly sure about the use-case, but what you could try is a proxy between the server and the client that only allows GET requests?
Seems like need to add a proxy for readonly request.