Per Application API Keys
Cloudways currently only provides one API key for the entire account. This means any plugin or integration using the API key gets full access to all servers, applications, and client sites, which is a major security risk for agencies and multi client accounts.
Cloudways should support API keys that can be restricted to a specific application or server and limited to specific actions like running or checking backups. This would allow safe automation and third party integrations without exposing the whole account.
Individual API keys should allow restrictions based on:
Resource Scope: One or more servers, one more more applications, one or more projects or teams
Action Scope: Read Only vs write, Fine-grained permissions per endpoint (like backups:run, backup:status, app:restart, cache:purge)