an even simpler method would be to put all your microservices in a VPC so that they are only reachable to one another.. this way they can just trust each other, and don;t need an API key at all