You can add or revoke secret keys if the security of any key is compromised.
You have to pass the api-key as a header in every call.