Hi Sec,
Thank you for being a valuable user of The Guardian.
The email is sent from our end hence we confirm its legitimacy.
We understand to be very vigilant on clicking any of the links unless it seems legitimate
which indeed is the best action taken by your end to check it first.
We will look into the issue for the details in terms and conditions if we need to specify the domain we are asking users to direct to.
We will also investigate on error 403 which you mentioned when you tried the link.
To check status of your key, I would like to request your email (and not the key) that you have used when you have created the key.
Thanks for your patience
Regards,
Guardian Open Platform API Team