Why is hapikey sended on an url query param and not as an Authorization Header ?

Maybe developers will have Security issues because of the hapikey will be logged on request/response on servers.

Do you have an alternative for the Authentication between backend and hubspot api ?