Which of the following is an example of passing an API key as a request header?

The choice that effectively demonstrates passing an API key as a request header is the one where the API key is explicitly specified as a header field. In this case, signaling the API key with the designation "X-API-Key" clearly indicates that it is treated as a custom header meant for the API. Headers are designed for meta-information carried with the request, such as authorization or content type, and this format adheres to that structure.

Utilizing a header for an API key can enhance security by keeping sensitive information out of the URL, which can be inadvertently logged or exposed. Additionally, using headers promotes clean separation between request parameters and the authentication information.

While the other choices present various ways of including the API key, they do not meet the criteria of being passed specifically as a request header. For instance, including the API key directly in the URL or within a cookie does not utilize the header structure appropriately. The choice that uses the "Authorization" prefix represents a different kind of credentialing method, typically associated with bearer token authentication rather than an API key specifically.