Created by: stephenroller
Patch Description Previously, all API keys (including empty) would be accepted. Now we throw an authorization error if the user fails to provide one.
Also denylists a few placeholders that are in internal/external docs.
Testing steps Manual testing