You should be able to customize the permissions per API key as well, so if there's a case where you want to write or send something just one time then you can just swap in the API key and do that and swap back if you want to.
There will also be a dashboard (in addition to the CLI) so that you can easily audit everything that has happened in the system.