> Plain old API keys are straightforward to implement

This is pretty much just plain-old-api-keys, at least as far as the auth mechanism is concerned.

The prefix slug and the checksum are just there so your vulnerability scanner can find and revoke all the keys folks accidentally commit to github.