In Restricting Access to your Ajax Services we discussed the options that you may use to protect your services which included using an API key. Creating and Using API Keys for Java Based Ajax Services provides both the client and server code for using API keys on your Java based services. Included in the document are a discussion on the motivations and limitations of using API keys with servlets using the built in security APIs of Java.
Do you use API keys with your services? If so what techniques are you using?