Still the issue happens. As workaround, you can only define api_key and all endpoints will work with both query and header api key.

securityDefinitions:
    api_key:
    type: "apiKey"
    name: "key"
    in: "query"