APi keys with user allows for a security hole where any IT Agent can set up API access keys to anything they want.
This also causes an issue when a staff member leaves and has unknown integration that fails due to the account being downgraded.
- API keys should be granted at an admin level for security/control
- API keys should be able to be associated to a workspace to segregate access to tickets
- API keys should not consume a license
