An API is just the way we know how to accept data from you -- a list of the words our program understands. For example, in our $transaction event we have something called $user_id, which the unique id for a user in your system. If you send that, we can understand it, whereas if you send $id_for_user we won't know what that means, even though it's obvious to you and me (computer programs are very, very literal).
You can think of an API key as your unique password. This is how we know that the data you send us is yours, which allows us to learn the specific fraud patterns you face.