Would be really nice to be able to create API keys that allow access to ALL sites except for those explicitly listed as denied.

Or even be able to specify multiple clients in the "Restrict to client" field.

Alternatively, it would also be wildly beneficial to be able to grant an API key the same permissions as a user.

The use case is we have some internal tooling that uses the API to create/update/etc. spaces and documents but some client spaces are restricted to select team members. Currently this means the API integration allows access to those restricted client spaces to all team members, even if their user permissions dont allow them access.