Restrict API Key To Records Associated With User

I’d love to see a way to restrict API keys to only access records that the user is connected to.

For example, we have Member Businesses and they are associated to Users. I’d like to allow the member business to CRUD the records associated with only their Member Businesses. I cannot allow them access to the records of other member businesses.

Some sort of way to restrict that down would be extremely helpful.