Istio represents Mixer configuration Model in terms of propagating authorization policies within the service mesh. Policy and telemetry features are actually based on configuring such kind of CRD resources as:

Handlers - define appropriate Adapters and a communication way between Mixer and some external infrastructure software;

Instances - introduce the source data set across particular attributes being afforded with related Adapter.

Rules - bind specific Handler to Instance, matching rule expressions.

You may also find predefined templates for individual adapters, the link mentioned above in the origin question reflects the particular template for generic API key, but it doesn't describe any process for authorization policy enforcement.

In context, to leverage using authentication requests with API keys, you will probably require to implement Analytics or Authorization templates, using i.e. Apigee adapter. You can visit Apigee's Istio Mixer Adapter repository with a quite good tutorial securing mesh service authentication within API key header.