The Settings → API Keys page now lists every plugin scope alongside the existing legacy scopes, and adds a plugin installation selector so a new key can be issued bound to a specific installation. Selecting an installation pre-checks the scopes it grants and prevents the form from issuing a key with permissions the installation cannot cover.
Until now, keys usable against /api/v1/plugin/* had to be provisioned by operators directly in the database; the UI exposed only the older content registration scopes. With this change, account owners can self-serve plugin credentials, narrow them to the scopes a particular merchant needs, and rotate them through the existing revoke-and-recreate flow without leaving the product. Plugin installations themselves are still managed on the existing Settings → Plugin Installations page; the API keys page only consumes them as a binding target.