Your API key allows you to use the REST API to create, fetch, update, and delete records in the App you have access to in SmartSuite.
Your API key is granted exactly the same permissions that your workspace has in the SmartSuite user interface.
If you have full permissions to a Solution you can create, retrieve, update and delete records in any of the Solution's apps. If your workspace is read-only, you will only be able to fetch records - the API will return an error if you try to perform other actions.
It's important to treat your API key just like a password, since it conveys all of your permissions when accessing the SmartSuite API. Only use your API key with applications or services that you trust. SmartSuite recommends creating user workspaces that are dedicated to API access, and granting those workspaces the minimum permissions required to complete their tasks. We strongly discourage the use of workspaces with Administrator role access for API automation.