Added
- API keys for external integrations. Scripts, monitoring, and CI can now call the API without a user login. A superadmin creates a key under the new API Keys page, picks its role (Viewer / Operator / Admin) and optional per-site scope, and an optional expiry. Send it as an
X-API-Keyheader (orAuthorization: Bearer mikr_...). The token is shown once at creation. Keys can be revoked or deleted at any time, and their use is recorded in the Activity log. Seedocs/API.md.