API Readonly access

Hi. Is there a way I can lock down the API key to only allow read-only permissions to an organization?

I’m not exactly sure about the use-case, but what you could try is a proxy between the server and the client that only allows GET requests?

Seems like I need to add a proxy for read-only requests.
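
One way to build the GET-only proxy suggested in the reply above, as an added example that is not part of the original thread or any vendor's code. The upstream URL, the bearer-style `Authorization` header and the `UPSTREAM_URL` / `UPSTREAM_API_KEY` variable names are assumptions.

```python
import os
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# No redirects followed, no ambient HTTP(S)_PROXY: the key only goes to the upstream.
class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}), NoRedirect)

def is_allowed(method, path):
    """Safe methods only, and only origin-form paths (no absolute or // URLs)."""
    return (method.upper() in ("GET", "HEAD")
            and path.startswith("/") and not path.startswith("//"))

class ReadOnlyProxy(BaseHTTPRequestHandler):
    # Assumed settings, not from the thread: placeholder upstream, bearer-style key.
    upstream = os.environ.get("UPSTREAM_URL", "https://api.example.invalid")
    api_key = os.environ.get("UPSTREAM_API_KEY", "")

    def _reply(self, status, body=b"", ctype=None, allow=None):
        self.send_response(status)
        self.send_header("Content-Type", ctype or "application/octet-stream")
        if allow:
            self.send_header("Allow", allow)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    def _handle(self):
        if not is_allowed(self.command, self.path):
            return self._reply(405, allow="GET, HEAD")
        # Client headers are not copied; only the proxy's own key is sent upstream.
        req = urllib.request.Request(self.upstream + self.path, method=self.command,
                                     headers={"Authorization": "Bearer " + self.api_key})
        try:
            with OPENER.open(req, timeout=10) as resp:
                self._reply(resp.status, resp.read(), resp.headers.get("Content-Type"))
        except urllib.error.HTTPError as err:
            self._reply(err.code, err.read(), err.headers.get("Content-Type"))
        except urllib.error.URLError:
            self._reply(502)

    # Write methods hit the same check and get a 405; unlisted methods get a 501.
    do_GET = do_HEAD = do_POST = do_PUT = do_PATCH = do_DELETE = do_OPTIONS = _handle

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), ReadOnlyProxy).serve_forever()
```

Filtering on the method gives read-only access only if the upstream API never changes state on a GET, and the key has to exist only on the proxy host, never on the clients.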