Switch to Authorization header

[teambailey]

For security reasons the API key should be passed via the Authorization header instead of by url query parameter. This pr updates the fetch call to include said header.

[timetraveler328]

I've pulled these changes into the 7.0.0 branch and created tests for the optional parameter condition that broke tests with this change. Closing this PR in favor of the major release due to that issue.