We have an article on the old blog, but it still seems to confuse people. The old blog is going to be retired soon anyway so I thought it was time to have another go.
A big part of the confusion is probably my fault. An API key is a simple method of authentication. We originally added API keys to allow us to track usage of our API by projects; the so called Project API key. This worked well, but in a well meaning but counter productive move, some projects asked their members to create Project API keys. Their intention was to help us, by directing people to visit our site. Unfortunately it made tracking API usage useless.
Optional Personal API keys were introduced. My mistake was in calling them API keys, it has caused unnecessary confusion. Even though the term is basically accurate, we often get people asking why their API key isn’t working. Turns out people sometimes use Personal API keys instead of Project API keys and Project API keys instead of Personal API keys. They aren’t interchangeable.
This confusion should be cleared up on the new site, but what is the point of using a personal API key if it’s optional? Without a personal API key, only images that were approved over 7 days ago will show up. With a personal API key images over 48 hours will be visible. If a Personal API key is used and the user is a VIP member, then all approved images are displayed.
The bottom line is a Project API key is mandatory, but almost never relevant for an end user; only for developers. A personal API key is optional (but recommended), but almost never relevant for a developer (except where the developer is also an end user).