There are three standard ways to manage API authentication these days: API keys, OAuth tokens and JSON Web tokens (JWT). Adam Duvander over at the Zapier engineering blog explains how and when to use them. The humble API key is the common and earliest form of API authentication.
Medicare and Medicaid's Blue Button API has been taken offline. The API allows third party applications to access Medicare claims data. On December 4, 2019, an API partner reported "a data anomaly with the Blue Button 2.0 API". The agency expects that less than 10,000 beneficiaries are affected.