Hello! You should definitely try to setup the REST API you are using a resource. This is the preferred way to setup your commonly used APIs across apps. When you set up an API resource adhoc in the way you have you are providing full route and header data (like the x-api-key) which can allow for your credentials to leak out into the wild.
The Use/Edit distinction seems odd to have to make in this case as the basic REST API functionality shouldn't be affected, AKAIK. Are you able to share the error that "Anthony" is seeing?