Revamping the API Key permission logic to be aware that the person who created the project might not be the same person accessing it via API now that we have public sharing was a known “todo” that I deprioritized until users started running into it!
Prioritizing now that there’s actually some traffic discovering it.
