@vh7dragons I'm curious what the app is. Twitter OAuth is based on four tokens generally referred to as consumer key and consumer secret for the application and access token and access token secret for the user. The term API key sounds like a third party(twitpic, yfrog, etc.) key. These sites use OAuth echo to authenticate the user. OAuth echo passes user authentication off to twitter, so basically it is a three key system, with a user that has been authenticated by twitter.
Very often the names of the different tokens are used interchangeably or otherwise misused. Really the only way to help you sort out what the app is asking for is to know what the app is.