The customer would like the "capability to limit certain API methods with a particular key -e.g. a system only needs to create credentials/certificates – and not manage branding or delete credentials etc"