Currently, there’s no way to securely use an API key while controlling my web application. I’m developing an API to monitor the server's boot status and attempted to use the List Events feature. However, I can't keep the API key completely safe due to platform limitations. It would be beneficial to have the option to restrict the API key's access to specific actions, like only allowing it to use the List Events API.