In Power BI Desktop there is a way to use Authentication Web API Key which works fine and even submitting a custom ApiKeyName in M Power Query Language works ok. This of course submits the API Key in the URL.
There is a work around if the API requires the API key to be submitted in the headers in M Power Query Language like [Headers = KeyName="Key"] and this works well for what it needs to do, however this leaves the API in an insecure location and cannot be configured to work with automatic refreshes.
If I try configure Web API under Data Source Settings then Web.Contents will not allow a "SEC" header to be set (the required name of my APIKey).
There needs to be a way to configure an API key to be submitted in the headers through the Data Source Settings screen.