The API permissions need more granularity such as the ability to enter information but not retrieve info. Our use case is an onboarding form on our website where they can enter some basic info to get started and it writes back to Hudu, but we do not want that API key to have delete or get permissions, only write/ post.