This idea was imported from Canny. Originally created by: Benjamin Jenkins. The current owner is: Unassigned.
It would be nice to have a way for a customer to manage an Access Control List for access to our API and/or Metal Console but limited to org, project or token. It will add overhead but we have customers asking for some sort of limiter on API access, Metal Console, and SOS. That way even a compromised token is worthless to an attacker that is not sourced from an IP on the ACL.