each key should have a name so the user doesn't have to remember which is which
each key could be restricted to a different part of the API (e.g. can only be used to insert data, can only be used for one specific endpoint, can only be used on weight related endpoints, etc)
need an API for managing API keys, which necessitates some sort of super-user API key. An ordinary login, with username and password? (See also issue #16)
Ideas: