CloudEnv allows you to have fine grained control over API permissions. Each token can either be read-only or read-write. You can add firewall restrictions for a token. You can pull access logs for any token.