Authorization

API Keys and OAuth tokens behave slightly differently when it comes to authorization. A request authenticated with an OAuth token will inherit the permissions attached to the user credentials that created the token. You should bear this in mind when using your own credentials or those of another high-level user.

API keys work by creating a new user on your company account that has manager-level access to the company account. A new user is created per API key created. The user will have the role api-user. This access level ensures the API key can be used for almost all needs except those only an account administrator should have, like blueprint management.