Something similar to https://dev.twitter.com/docs/oauth/xauth
Where the username/password can be sent to the api one time and exchanged for the client_id and api_key.
This would make things a lot less painful for end users trying to consume the api through third party clients (Basin in this case).
Typing their email and password is much better than the lengthy api keys.
Of course this presents the security risk of usernames and passwords being exposed to third parties and trusting them not to store the data, so xAuth would have to approved on a case by case, app by app basis.