Currently the Content API, which is much safer to share with third parties, is read-only.
If a third-party has an Admin API key, it can remotely create webhooks, nearly all of which share the same data you can get via the Content API.
Webhooks have some distinct advantages for ongoing integrations, as theykeep the third party up-to-date immediately, without redundant or laggy Content API calls.
But third parties can only create those webhooks remotely by asking the user to give it an Admin API key. That key also gives lots of privileges that can be dangerous and for many apps that level of access is overkill.
What would be awesome is allowing Content API keyholders to use that key to remotely create webhooks that mimic the Content API’s level of access. This could greatly simplify the process of connecting apps, and reduce oversharing of permissions.
Very wishlist-y, but I’ve seen issues with very popular addons that choose, likely for onboarding reasons, to use the Content API, rather than creating webhooks.