Yes! The challenge is, I feel like it'd be a preferable to return all fearures for a given user within an Organisation, as opposed to all features, period. I don't know why I feel that way yet... maybe a security risks? Guess a username, find out about a new secret feature from some Organisation using ablator.
Not right now, since the functionality ID is just as effectively. But switching to API keys is probably the way to go, and I'll do some work on that over the next days.