Hi, When I try to access the API directly using header auth I get an error:
If I try to use a query param, same thing with the error.
If I use https://username:password@servername/api/whatever I’m in OK… Do I have something misconfigured or is this by design? I guess I am missing the point of the key if I need u/p 
Sorry if it’s a dumb question. (the key I am using is valid)
Yes It was a dumb question… page 9 of the REST guide states that you have to use basic or token plus API key. I’ll not delete this in case someone else is looking.
Just in case
API Key is not used as authentication mechanism. It is just a way to mark caller to better tracing. Also, it allows to assign Access Scopes to the API Key and to make exposed API surface smaller. For example, when you want to allow external application to use only some services/methods/BAQs.
@deleoye explained API keys really concisely and clearly yesterday at the EUG conference in the UK.
Username and password are AUTHENTICATION - telling the server who you are
API keys form part of the AUTHORISATION - what you as an authenticated user are allowed to do
When you say it like that it makes perfect sense.
