Thank you for posting to the Telerik Developer Forums. As to your questions.
1. Indeed, the API key is one of the segments of each unique endpoint for your backend application and it is intended to be a client key. Thanks to the meaningful security strategies available in Telerik Backend Services you can apply type- and item-level permissions so that you are able to apply the desired security strategy for your app.
You can read more about the API key and the available security mechanisms in this article
. You may also want to go through the referenced articles in the section and the Getting Started article for User Management
2. Currently there are some limitations in regard to User Management with SQL users base. As a result of it you cannot incorporate a third-party authentication (other than the supported social identity providers and Active Directory federated authentication). For example, your current users and their accounts from a different authentication provider cannot be integrated with the authentication mechanism in the cloud backend and these users will need to create new acounts for the backend project.
To overcome this limitation (if it applies) you may consider implementing a bridging service in your infrastructure that logs the users with their credentials from the SQL database and logs them in the cloud backend as well (and maintaining two user accounts - one in the SQL and one in the cloud).
On the other hand, you may consider creating a REST services layer over the database and consume these services from the mobile app with HTTP requests.
Besides this limitation, when you have created content types from a Data Connector (where the content type in the Backend Services project is an abstraction over a database table or a view) you can work as with the cloud content types. Having said that, you can refer to the Getting Started article for Cloud Data
. Accessing your data from an SQL database table is achieved through the same means.
I hope that this answers your questions.