Restrict API Keys to Specific APIs
Each API key can now be limited to the APIs it is allowed to call. By default a key works on every API you are subscribed to, but you can lock a key down to a chosen set — useful for separating environments, handing a narrowly-scoped key to a teammate, or limiting the blast radius if a key is ever leaked. How it works: on Workspace → API Keys, every key has an API access button. Open it and either keep Access to all APIs on, or turn it off and tick the specific APIs — from your active subscriptions — that the key may use. Each key shows its current access at a glance: Access to all APIs or Restricted to N APIs. Once a key is restricted, the gateway rejects any request it makes to an API outside its allowed list with a403 response. Keys set to all APIs are unaffected, and you can change a key’s access at any time.
Documentation: API Keys