I'm logging this here in case I don't know when I'll, or something might feel the need to.
As this would allow certain users to publish plugins via Curl or Github Actions without having to use a headless browser to the session (token) cookie after logging into the website, which can be harmful if not protected due to whole account access.
API Keys can allow scoped, limited access to resources instead of Access to All Resources (same as the user has).
Same as any other website would do, give the user options to input the duration for API Key, Permissions, etc.
I'm logging this here in case I don't know when I'll, or something might feel the need to.
As this would allow certain users to publish plugins via Curl or Github Actions without having to use a headless browser to the session (token) cookie after logging into the website, which can be harmful if not protected due to whole account access.
API Keys can allow scoped, limited access to resources instead of Access to All Resources (same as the user has).
Same as any other website would do, give the user options to input the duration for API Key, Permissions, etc.