Which is the most secure method to transmit an API key?