Optional Scope Permissions to User API Keys #1960
BasperLasper started this conversation in Ideas
I would like to suggest adding optional scope controls for User API Keys, similar to how Admin API Keys already support scoped permissions.
Currently, User API Keys are “all or nothing” — once a key is generated, it provides full access to all user-level API endpoints. Introducing scoped permissions would allow users and developers to define exactly what that API key is allowed (or not allowed) to do.
Why This Feature Matters To Me
Adding scopes to User API Keys reduces potential damage if a key is ever leaked or compromised.
For example, a user might want a key that can:
Only read server status
Only trigger backups
Only use client endpoints, but not modify anything
Right now, if a user’s API key leaks, it grants full access to everything they themselves can do. Scoped permissions limit the blast radius significantly.
Better for Worst-Case Scenarios
Even though most users don’t expect their API key to leak, adding scopes gives a second layer of protection.
Not everyone may personally feel this is needed — but having the optional ability to limit a key gives peace of mind and follows best-
Optional = No Breaking Changes
This does not need to change the default behaviour.
User API keys could:
Continue working as they do currently
Only use scopes if a user explicitly defines them
This keeps Pelican backward compatible while allowing “power users” and developers to adopt a more secure approach.
Adding optional scope-based permissions for User API Keys would be a big security improvement while staying backward-compatible. It allows more flexible integrations, reduces risk, and gives users a choice to harden their setup.
Thank you for considering this — even if not everyone needs it, having the option would be a great step forward.
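An added sketch of the opt-in behaviour the post asks for; it is not part of the original post and is not Pelican code. The scope names, route table, and the `UserApiKey`, `key_from_stored` and `is_allowed` helpers are all hypothetical. It shows the one detail that decides whether "optional" stays safe: a key with no scopes stored (legacy, full access) must be kept distinct from a key with an empty scope list (grants nothing).

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import FrozenSet, Iterable, Optional

# Hypothetical route-to-scope table (assumption; not Pelican's real endpoints).
ROUTE_SCOPES = {
    ("GET", "/servers/{id}/status"): "server.status.read",
    ("POST", "/servers/{id}/backups"): "backup.create",
    ("GET", "/servers/{id}/files"): "file.read",
    ("POST", "/servers/{id}/files/write"): "file.write",
}


@dataclass(frozen=True)
class UserApiKey:
    identifier: str
    # None        -> key created without scopes: behaves as keys do today.
    # frozenset() -> scoped key that grants nothing; never treat it like None.
    scopes: Optional[FrozenSet[str]] = None


def key_from_stored(identifier: str, raw: Optional[Iterable[str]]) -> UserApiKey:
    """Build a key from its stored scope column (NULL or a list of strings)."""
    # Compare against None explicitly: `if not raw` would turn an empty
    # scope list into an unscoped, full-access key.
    if raw is None:
        return UserApiKey(identifier, None)
    return UserApiKey(identifier, frozenset(raw))


def is_allowed(key: UserApiKey, method: str, route: str) -> bool:
    """Scopes only narrow a key; the user's own permissions are checked elsewhere."""
    if key.scopes is None:
        return True  # backward-compatible default: no scope restriction
    required = ROUTE_SCOPES.get((method.upper(), route))
    if required is None:
        return False  # scoped keys fail closed on routes with no mapping
    # Patterns such as "*.read" give a read-only key across all resources.
    return any(fnmatchcase(required, pattern) for pattern in key.scopes)
```
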