Ensure that API keys do not exist for tenancy administrator users.
The administrator user should avoid using API keys. Since the administrator user has full permissions across the entire tenancy, creating API keys for it only increases the chance that they are compromised.
Remove API keys for administrator users