...
As a rule of thumb, try to use a dedicated account with the most restrictive permissions possible, but still allow the user to perform whatever functions were required. This minimises the risk if the API keys were to fall into the wrong hands – eg. if your website is broken into, or your API keys were otherwise exposed.
Using your API keys
To use your API keys, all you need to do is include them in the request in the Authorisation header – the simplest way to do this is include them as follows in the URL;
https://<your key>:<your secret>@<your address>/....