The scoped API is great, and the access control on the cloud platform greatly improves. It would be even better if this can be automated programmatically.

This can e.g. facilitate the microservice architecture, to delegate down-scoped access to another service (especially for a short period of time).

The tokens currently are all created manually by hand, and are only usable in trusted environments (with a permanent or very long token expiration until you manually rotate them).