An API is just the way we know how to accept data from you -- a list of the words our program understands. For example, in our $transaction event we have something called $user_id, which the unique id for a user in your system. If you send that, we can understand it, whereas if you send $id_for_user we won't know what that means, even though it's obvious to you and me (computer programs are very, very literal).
You can think of an API key as your unique password. We have over a thousand customers, so when you send us data, this is how we know it's yours, which allows us to learn the specific fraud patterns you face.