Have other institutions issued API Keys for Catalog development? We have just done our first one, so far only in Beta. It's a bit concerning, because we have various units at our institutions in subcatalogs, and providing an API Key is for the entire Catalog, not limitable to subcatalogs. I don't even see in the API calls where it is possible to make subcatalog-specific API calls, nor can I scope the API calls to GET only or something. So an API Key is wide open for any and all API calls.
Just curious if others are doing this, what precautions you're taking or wish you could take. I know it's expecting a lot for Catalog's API Key functionality to be as sophisticated as Canvas is now, but one can always hope!
This was discussed in the 2/14/20 Catalog User Group meeting, just putting notes here for those who did not attend. It was suggested that, since our institution already downloads and uses Canvas Data, the developer might be able to get the Catalog information they need from Canvas Data, instead of accessing Catalog with an API Key. If this project moves forward, we will look into that!