account level api access control
Is there a method of authentication that only allows selected account/member to use the api?
currently, reading the documentation, using the api key is not differentiable between accounts. Even with the username/password method, all accounts (who has access to the client id/secret) can access the api.
The only hack I can think of, which only works if there is a small number of accounts that need api access, is to set up a different api key/or client key-secret per account -- this is arguably a hack.