API key - can I store the key in my headers?

It is not supported at the moment and you are recommended to instead store the API key securely in your own backend and use a proxy to insert the key into the request URL.