We need to issue an API key to create and delete Permalinks. Unfortunately, because Permalinks aren’t under granular control, we have to issue a global API key.
For security purposes, it would be great to have the ability to have granular scopes for reading, modifying, and deleting permalinks.