Gandi is my registrar! Yes, I'm a fan. I may be mistaken, but something I worry about after trying Gandi's API for Let's Encrypt is the API keys provide permission for everything. I would love it if the permissions could be narrowed down to specific domains, records, and operations on them... AWS Route53 comes to mind, but my router (OPNsense) didn't have it available as an option. :(