Zone Rulesets Permission

In attempting to scope an API key’s permissions, I have noticed that the “Ruleset” permissions are at Account Level only and not at Zone Level.
I am a bit concerned that this is too far reaching and wonders if there could be a review to bring this down to a Zone Level permissions as well.

When possible, use API tokens instead of API keys.

Apologies for any confusion, I was actually referring to the api tokens.
I noticed that a token with a Dynamic Redirect Edit permissions could not Edit redirect rules unless it was granted the Account Rulesets Edit permission. There does not appear to be any “Zone Rulesets” permissions in the list of permissions that a token can be granted at a Zone Level.