I want to use an API key to only collect the data.
But I’m more concerned that the API key will have far too many rights, since it would be too easy for a hacker to obtain it.
Is there any way that we can restrict the rights of that API to only collect the data but can't make changes to anything?
Does the use of an API depends on what level of permissions that use has whose API key is being used?
Can those rights be tweaked without requiring key re-generation?