Is there a way in the UI for an admin of a project space to create or delete API keys for user accounts? e.g. If an API key is known to be compromised, what is the process for an administrator to revoke / recreate it or is it left up to individual web users?
If you are a superuser you can do it via the Django Admin site: https://my.commcare.org/admin/users/hqapikey/
Otherwise there is a way to remove a different user's API Key.
Great, I suspected it may be done via Django admin, I just hadn't had the time to go through everything to confirm, thanks Simon!