Access scope for /projects/:id/deployments

Have a setup where argocd is deploying from gitlab and want to use third party deployment tracking.

I have everything in place allowing argocd to post to the deployment api that is then used to co-ordinate further tasks.

The issue remaining is the scope of access.
The token generated has api access and I really only need to post to the /projects/:id/deployments endpoint.

There are concerns about having a token that has full api access being used for such a limited task and I would like to continue the use of argocd notifications and satisfy the desire to minimise the impact of such a token with its access being compromised.

Any tips/thoughts most appreciated.

Thank you for the help.

I don’t see any option or pathway to restrict access to a token as you describe in point 1 on a personal access token. Is the ability to define scopes on a token dependent on some admin level?