Multiple named API keys

I see you can create one single API key that identifies you as the user.

This is great. Nevertheless, it is weak in terms of an application abusing the connection. Say I allow Grist data to be written from app1, app2 and app3.

Then one of the apps gets violated and starts making calls to the Grist thing.

You cannot just “ban” that specific app. You need to kill all the connections, with the complexity that this means.

If we could handle multiple API keys (no matter if all of them map to the same user, the same way multiple SSH keys map to the same user in GitHub, for example) and “name them”, allowing “temporary disabling” and/or “removing the key” one by one separately, that would be awesome.

Is this currently possible?
If not, is this in the roadmap?
If not, how/where can I suggest this feature for an upcoming version?

Someone is working on this, at least at the individual document level: