All published endpoints are documented using Swagger. The documentation can be seen here.
If logged in, the endpoints can be used directly in Swagger without using an API-key, since the request will use the current session.
If entering an API-key in the swagger API-key field, this API-key will be used for all requests.
Please note that due to the fact that API-keys have a lower Security Level than two-factor sessions, some operations may be rejected using API-key even though they worked using the logged-in session.
Thus, all testing to create scripts based on API-keys should be done using API-keys also in Swagger.