Enable scopes for API

Currently whenever sharing an API key with a developer, they have full access to the account. In order to maintain best security practices, including the principle of least privilege, I would like to submit a feature request for enabling scopes for the API ideally create, read, update, and delete.