Place API key in Headers or URL

Question

I\'m designing a public API to my company\'s data. We want application developers to sign up for an API key so that we can monitor use and overuse.

Since the API is

Answer 1

If you want an argument that might appeal to a boss: Think about what a URL is. URLs are public. People copy and paste them. They share them, they put them on advertisements. Nothing prevents someone (knowingly or not) from mailing that URL around for other people to use. If your API key is in that URL, everybody has it.