OSS gets a bad rap not just because of experts being short with beginners, but also beginners being lazy and not reading up on the material. Learning is messy, I’m messy. What can I say but thanks for politely saying I need to read more docs. 
I agree with your sentiment, I think part of why I was so frustrated it it seemed like the tool could do what I wanted but I wasn’t figuring it out.
Created_by is a feature used only by the Admin package for Permissions.
This is helpful to understand. Would it be possible to create a plugin that added this functionality to models so I could keep my app more DRY? Ideally I would like to avoid duplicating this same logic in multiple controllers. I’m trying to understand the Strapi way to accomplish what I want.
The built in admin level created_by field is so attractive for my use case in part because it already works as expected… just with the wrong pool of users. The fact that it’s also integrated with datetimes for created / updated is also nice.
A way to assign creating/editing attribution / for model records created by API users is what I’m after. I think the strapi model is that admins are creating content on blogs… in our use case we are building a SaaS product and every “user” (user-permissions) is an API client consuming our API, making requests to add records and have us “do stuff” for them like an API does. As the API scales its important that not only the primary records the users are creating are attributed, but also the secondaries because the Strapi CRUD that gets generated is not going to be aware of this ownership.
As an example because I have to manually add all this ownership stuff, if I’m building some sort of School app you can consider a data model with Teachers, Classes and Students. Because I have to manually code up the constraints around only showing each Teacher the Classes they have access too, some nefarious person might be able to use the built in Strapi routes to get lists of students.