How to authorise an API user without using client secret

Hi @harry6,

Welcome to the Auth0 Community!

I understand that you want to give a third party access to an API you manage. This is sometimes done with an API. In the context of Auth0, we would use client credentials instead of an API key (this is the OAuth2 way of doing things). For this, we would issue a set of client credentials to each user/developer, and mark those credentials as third party.

This is covered more extensively here:

You should also be aware of the entity limits of your subscription type. Scaling this solution will likely require higher application/client entity limits.
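How an API might authorize calls from the per-developer client credentials described above, as an added example that is not part of the original post or Auth0's own code. It assumes an API configured for HS256 signing and tokens carrying the `azp`, `gty` and `scope` claims that Auth0 places in client-credentials access tokens; the tenant domain, API identifier, secret and client ID are constructed placeholders. Verification is done with the standard library so the block runs offline; a maintained JWT library would normally do that step.

```python
import base64, hashlib, hmac, json, time

# Assumptions (constructed for this example): tenant domain, API identifier,
# signing secret and client IDs are placeholders, not values from the post.
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.com/"
SIGNING_SECRET = b"constructed-demo-secret"
CLIENT_GRANTS = {"partnerA-client-id": {"read:reports"}}  # scopes granted per third-party client

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SIGNING_SECRET):
    """Build a constructed HS256 token so the example runs without a tenant."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorize(token, required_scope, now=None):
    """Return the calling client_id, or raise PermissionError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        given = _b64d(sig)
    except ValueError:
        raise PermissionError("malformed token")
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "HS256":
        raise PermissionError("unexpected header")  # algorithm is pinned, not taken from the token
    want = hmac.new(SIGNING_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise PermissionError("bad signature")
    aud = claims.get("aud")  # may be a string or a list
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise PermissionError("expired")
    client_id = claims.get("azp")  # which issued client is calling
    if claims.get("gty") != "client-credentials" or not isinstance(client_id, str) or client_id not in CLIENT_GRANTS:
        raise PermissionError("unknown client")
    granted = set(str(claims.get("scope", "")).split()) & CLIENT_GRANTS[client_id]
    if required_scope not in granted:
        raise PermissionError("scope not granted")
    return client_id
```

Because each developer has their own client ID, a single partner can be removed from `CLIENT_GRANTS` (or have the client deleted in the tenant) without affecting the others.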