They are keys created from the account of a user, it serves to obtain a direct connection to the API without the need for authentication. These keys concentrate the same authentication permissions and unlike tokens do not expire, therefore you have to be careful to share it. These keys can only be used by administrators and business owners. You can generate as many Keys as you want but you can not update, only create and delete.
This API key is used in the header as x-api-keyas shown bellow:
x-api-key: "VkD7Bjm9t4YJgok6hkF5cO4jsbJAt7NO601uiUravjmJrH3VXDIneFfznsRWSofW7"
Example about the api keys use, using Postman.