When using an API Key for a Connected System, which must be specified?

When utilizing an API Key for a Connected System, specifying whether the key is sent as an HTTP header or as a query parameter is crucial for successful integration and security. This choice directly impacts how the API processes the request and validates the key.

API Keys can be transmitted in different ways, and the method you select will dictate how the API server interprets your request. If the API requires the key in a specific format—such as as part of the HTTP headers or embedded in the query string—failure to comply will result in authentication errors or unauthorized access. This is particularly important to ensure that the API can verify the identity of the caller correctly and protect sensitive information.

The other options, while relevant to API interactions in different contexts, do not pertain specifically to the immediate requirement of using an API Key. For example, specifying the system's base URL is essential for pointing to the correct endpoint, users' credentials might be necessary in different authentication scenarios, and the data format is often concerned with the payload being sent or received. However, these elements are separate from the required specification of how the API Key itself is transmitted in requests.