> Probably the ideal would be to replace the API key with a key with an expiry time, that can be used only within the lifespan of the action to invoke other actions.
Yes - a short term key with specific rights (read, write or execute) would be superior to the current approach, for sure. -r
