Hi @Jerald_Hamilton.
Are you making API requests from a browser (e.g. a website that fetches data from Grist)? We currently limit API usage to non-browsers due to authentication via API key generally being unsuitable for web pages (the API key is sensitive, and would be visible in the page source).
George