Issue: We had a Zendesk agent in our company with a REST API key set up to communicate with an internal company application. As we had no idea this token was created in the first place, it took us time to troubleshoot this issue and find the source of the token.

Suggestion: the ability for administrators to see all company global API keys and the users who have created them. While best practice would be to create a service account for API key creation, this allows administrators to monitor and audit any API keys created within the company, which would assist if users need to be deleted.