Perform API requests on behalf of another user
You can now make API requests on behalf of a specific Ashby user by sending the X-On-Behalf-Of header. Previously, API requests always ran as the API key’s service account. With this update, actions can be attributed to the person who triggered them, and requests are checked against that user’s permissions instead.
This is especially useful for teams building internal tools or shared workflows on top of the Ashby API. It ensures appropriate access to data and ensures that notes, feedback, and other actions reflect the correct user in Ashby.
To use this feature, the API key must have permission to act on behalf of a user, and the user must be active and belong to the same organization. This setting is configured under the Other Permissions section of the API key.

More about this feature is documented here.