#143 - APIv2 - API Roles / Permissions / Users (Open)

Implement the ability to link an API key to a dedicated API user account, by introducing a new user_type of 3 (API User). These users are non-interactive, meaning they cannot log in directly to the ITFlow UI but are used strictly for API interactions.


Proposed Flow:

  1. Create User

    • Assign User Type = API (3)

    • These users are restricted from direct login to the application.

  2. Assign Role

    • Assign roles to the API user, just like standard users.

    • This allows granular control over API permissions via the existing role-based access control system.

  3. Create API Key

    • When generating an API key, associate it with an existing API user.

    • This ties the API key to a specific user identity and role.

  4. Deletion Behavior

    • Deleting an API key should not delete the associated user.

    • This ensures the user ID remains for future use, auditing, or regeneration of keys.
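A reference model of the four steps above, written as an added example (not ITFlow's code); the role catalogue, class names and the SHA-256 key fingerprinting are assumptions for illustration.

```python
import hashlib
import secrets
from collections import namedtuple

# Constructed reference model of the proposed flow; names are assumptions, not ITFlow code.
USER_TYPE_API = 3
ROLE_PERMISSIONS = {"ticket_reader": {"tickets:read"}, "ticket_admin": {"tickets:read", "tickets:write"}}
User = namedtuple("User", "user_id name user_type roles")

def _fingerprint(key):
    # Only a hash of the key is stored, so a leaked table does not yield usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

class Directory:
    def __init__(self):
        self.users = {}      # user_id -> User
        self.api_keys = {}   # key fingerprint -> user_id
        self._next_id = 1

    def create_api_user(self, name, roles):
        user = User(self._next_id, name, USER_TYPE_API, set(roles))
        self.users[user.user_id] = user
        self._next_id += 1
        return user

    def can_login_interactively(self, user_id):
        # Step 1: API users (type 3) are non-interactive and never get a UI session.
        return self.users[user_id].user_type != USER_TYPE_API

    def create_api_key(self, user_id):
        # Step 3: a key is always bound to an existing API user, never free-floating.
        if self.users[user_id].user_type != USER_TYPE_API:
            raise PermissionError("API keys may only be bound to API users")
        key = secrets.token_urlsafe(32)
        self.api_keys[_fingerprint(key)] = user_id
        return key  # shown once to the operator, then discarded server-side

    def authenticate(self, key):
        # Every request resolves to a user_id, which is what audit logs record.
        user_id = self.api_keys.get(_fingerprint(key))
        return None if user_id is None else self.users[user_id]

    def authorize(self, key, permission):
        # Step 2: permissions come from the user's roles, not from the key itself.
        user = self.authenticate(key)
        return user is not None and any(permission in ROLE_PERMISSIONS.get(r, ()) for r in user.roles)

    def delete_api_key(self, key):
        # Step 4: revoking a key leaves the user and its audit trail intact.
        self.api_keys.pop(_fingerprint(key), None)
```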


Benefits:

  • Enables clean audit logging via user_id attribution on all API requests.

  • Simplifies permission management by using the existing roles system.

  • Maintains a clear separation between human and automated/API users.

  • Improves security by limiting what each API key/user can do.

Milestone:
v25.12 - Due: 2025-12-05
Assigned To: Nobody
Created Date: 2025-10-17 16:19:53
Discussion Link:

No Comments