Simple credential for authenticating API requests. Easy to implement but lacks fine-grained access control. Should be rotated regularly and kept secret.