How to Create API-key Enabled Server Actions?

I’m looking for ideas on how to create a server action to support API keys.

My initial thoughts are:

1. create a role of ‘API’
2. create a user account for the api (username=api_key_value, password=api_secret)
3. on the server connection create a server variable called API_key and api_secret (based on this post - it looks like it will work)
4. If an API key is provided, perform a login
5. Use the standard security restrict
6. do your stuff…

Any thoughts or suggestions or a better way to do this?