An API Key consists of a client ID and secret. They must be passed with every request to the API Management gateway (either via headers or parameters) otherwise the request will not be authorized.
You can think of API Keys as being similar to Basic Auth, except that the APIM gateway provides and verifies the credentials.
It starts with adding API Key security to your API. You can require that the ID and secret be passed by custom header or query string parameter.
In this scenario APIM will require API Key authentication, but the API provider knows nothing of the API Key and instead requires basic authentication using a functional ID.
With the API definition complete, we now need to use the API Management Developer Portal to create a client ID and secret and associate it with our client application.
First we start with defining our client application, the caller of our API. Next we select the API we wish to use. The API description tells us that it requires a client ID in order to access it.
Choose a plan and from there you will be prompted to associate the API+Plan with the Application you defined earlier.
With the Application, API and Plan all associated now we retrieve the Client ID and Secret from the Developer Portal.
Take note and use the ID and secret to invoke your API via the API Management gateway.
curl -v -H 'Accept: application/json' / -H 'X-IBM-Client-Id: <id>' / -H'X-IBM-Client-Secret: <secret>' https://api.apim.ibmcloud.com/<organization>-<space>/<environment>/<api-basepath>/<api-operation>