Acesso via chave de API

Não consegui reproduzir a mensagem que o instrutor recebeu ao tentar acessar a url da aplicação sem a key da API.

Estou conseguindo acessar com e sem a chave na url. O que posso ter feito de errado?

http://34.72.230.8/airportName?iataCode=SSA

http://34.72.230.8/airportName?iataCode=SSA&key=AIzaSyCCHsT-IG4R9I-gdQhvEUUV7bnbjMSNuIg

Meu arquivo openapi-gke_autenticada.yaml está assim:

# Copyright 2017 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
swagger: "2.0"
info:
  title: "Airport Codes"
  description: "Get the name of an airport from its three-letter IATA code."
  version: "1.0.0"
# This field will be replaced by the deploy_api.sh script.
host: "airportname.endpoints.labdeploy.cloud.goog"
schemes:
  - "https"
security:
  - api_key: []
paths:
  "/airportName":
    get:
      description: "Get the airport name for a given IATA code."
      operationId: "airportName"
      parameters:
        -
          name: iataCode
          in: query
          required: true
          type: string
      responses:
        200:
          description: "Success."
          schema:
            type: string
        400:
          description: "The IATA code is invalid or missing."
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query"