As we remove the Admin UI its less easy to manage API keys if your only option is the REST API; there are also no actual DB relationships between API keys and the rest of the data model. For these reasons I'm proposing to change the storage of API keys to a configuration text file, e.g.
- Scott's API key for testing
bananas = firstname.lastname@example.org
This file could then be edited directly by the server admin to make changes if they don't want to manage the server through the REST API.
As with policies it means existing implementations have to migrate from the DB to the text file, but this should be trivial.