Currently the OAuth2 API only supports the very coarse scopes of "read" or "read write". It'd be great if we could request much more granular scopes. Really, any more granularity would be appreciated.
In the ideal, there'd be a way to request OAuth2 permissions for a very specific set of actions, and the authorizing user can see the price upfront before accepting. Ex:
<Application> is requesting permission to
* Read account SSH keys
* Read droplet information
* Create a 100gb data Volume in SFO2
* Create a 1gb Droplet in SFO2
Total cost: $20/month.
Currently, if you're using the API to create your own one-click applications, you need to educate the user about what you'll do with the full read/write access API token & the cost of the API actions you'll take. That can be pretty tricky. DO should be the source of truth on pricing.