Too Long; Didn't Read
As you build your own APIs, you’ll want to examine your use cases to determine which security method to implement for each API.
For some use cases, API keys are sufficient; in others, you’ll want the additional protection and flexibility that comes with JSON Web Tokens (JWT) authorization. So in the comparison of API keys versus JWT authorizations, the winner is... it depends.
All API calls require some measure of security and access control.
API keys with a sensible ACL can provide enough security without adding too much overhead. But with the increased use of microservices for nearly every small and large task, your API ecosystem may need a more unified, granular, and secure method like JWT authorization.