It's more likely we would look at providing OAuth or OIDC type of access to our APIs. Primarily because it removes the need for long lived secrets. We would also want to provide some organization overview/insight so the admin for the organization can manage api access for all.