Yes. By default, API keys have full API access; however, they may be restricted to making specific calls by modifying the key’s permissions from the CloudSploit console. For example, an API key may be allowed to list account users and groups, but not access any scan or cloud account data.