and that is what the current App Connect API - is all client side requests.
You should wait a bit more for the server connect implementation that will offer this much securely.
and btw the api key didn't worked in Wappler because the --user field needs to be base64 encoded first to get in the header... but as I said in my doc this is also not advisable:
