You can now restrict what API keys can access and do.
Cameo’s API keys allow third-party software to communicate with Cameo program-to-program. You add and remove them in the API Keys section in the Profile menu.
API endpoint means the particular operation requested in the API. For example, in the URL your third-party program accesses is
discounts is the endpoint.
Only administrators can access the API Keys section.
API keys now include a list of the API endpoints to restrict which ones each key can access. This means the risk is contained if a key gets disclosed. When you add a key, you should select only the API endpoints you actually need to do the job (Fig 1: 1).
As any existing key could access anything (except Export Statements, which was a special case), existing keys currently allow broad access. If you know the endpoints for these the keys, it would be sensible to for you to restrict these.