Looks like the request is successfully round-tripping to your server, and the server is just rejecting the credentials - that message came from the API, not the Zapier platform.
The API key auth implementation is really simple. Zapier just takes the string provided and passes it along in the request. A couple thoughts on narrowing down the source of the issue.
- Have a look at the HTTP logs, both on the Zapier side and on your server side. Is the value mapped to the right param name? Is it included in the right place, header, URL param, etc.
- Is there some encoding requirement that the server is expecting?
- Does the request, with the same API key work in something like Postman? If it does, you’ll want to take a really close look at differences in the two raw http requests.
If none of that works, please share some more detail here and someone will most likely be able to spot the problem.