Allow users to dynamically create API keys
A user should be able to create an API key. They should be able to limit the scope of the API key to a subset of the permission that they have. API keys should be able to be given an expiry. The global configuration should be able to define the maximum expiry of any generated API keys. The API key should be stored securely - consider a API key ID and an API key secret - the secret can be hashed before storing in the database.
Generate API endpoints for:
- Generating API key
- Listing API keys
- Deleting an API key
How would the user send the API key? Either a new header could be defined OR the ID and secret could be combined into a single value (maybe colon delimited) and re-use the existing header?