there are not many different permissions for API keys. Actually for any data manipulation full access key must be used.
For example we want to write code that creates new user and subscription for him, but doesn't do editing or deletion. Currently we are forced to use key with full access, thus risking our data.
It would much better to have different permission for each kind of action.
For your use case, you could set the permission as "Publishable Key" while creating the API Key. This would allow you to create API calls such as Create a subscription, Checkout new subscription etc.
Here's a screenshot for your reference:
$key = 'test_gdgdted64356ed534rer';//publish key ChargeBee_Environment::configure("example-test",$key); ChargeBee_Subscription::createForCustomer('12345', ['id'=>'qwerty', "planId" => "plan"]);
Unfortunately the publishable key would not work for "Create a customer" and Create Subscription for a customer" API calls at the moment, Sorry.
I've notified our engineering team regarding this and they would include the API calls under this branch key during future revamp. We'll certainly reach out to you once it is made available.