. I'm curious to understand the relationship between Inherited Developer Keys and Access Tokens. 

Bottom Line is I need to understand best practices for methods to scope permissions on an application that uses an Inherited Developer Key. Is the best method for doing this to create a custom Service Account with "scoped" permissions to create the Access Token? 

Does the Access Token limit the ability of the application to touch API endpoints? 

Very confused about how al this works.