Creating an API Key which can only read data without any rights to make modifications on the backend would give partners a confident way to test their integrations with third party tools.