There should not be a different authentication method.
Ensure that the API key is an a permission group that is allowed to publish charts.
I recommend sending the same body as our own app sends, which is always contains:
{"inspired": bool}
Where this is whether the chart should be shared with chart examples, you probably want to set false.