Headers are harder to use than query string parameters. You can't start poking around in an API as easily using just a web browser if the API requires authentication and accept headers.
The downside of query strings for API keys is that they can inadvertently be exposed by log files. For this API, where the API key appears to be there purely for analytics reasons, I don't think that risk is particularly bad.
I feel like there's all sorts of disappointing design decisions.
* All of the endpoints are singular, but then /summaries is plural for some reason
* You can enumerate the congresses, but non of the congress representations have a value which represents the numeric ID that should be used on other requests. Unless you request the congress data using that number, and then it does include it.
Oh well, hopefully it improves and becomes more consistent over time.
Headers are harder to use than query string parameters. You can't start poking around in an API as easily using just a web browser if the API requires authentication and accept headers.
The downside of query strings for API keys is that they can inadvertently be exposed by log files. For this API, where the API key appears to be there purely for analytics reasons, I don't think that risk is particularly bad.