Using the relayed meta data security schemes does not require blockchain-specific knowledge or blockchain interaction by an API provider and there are no blockchain transaction (gas) fees. Just apply the desired security scheme fields in the Airnode config.json file during deployment of an Airnode, see [Building an Airno/reference/airnode/latest/understand/). Then have your API operations check for any security scheme values you configured (typically the sponsorAddress) against your customer database.
The illustration below is one way to make use of relayed meta data for security purposes. Here a sponsor (a.k.a. developer or customer) submits their sponsorAddress to be stored by an API provider. The sponsorAddress can be used to authenticate requests by a sponsor's smart contracts.
The following sections relate to the numbers shown in the diagram above.
A sponsor is the developer of an on-chain smart contract that wishes to request off-chain data from an API provider. A sponsor has a know sponsorAddress. The API provider can request the sponsorAddress from the sponsor using a webform as part of a paid subscription setup.
When a smart contract (requester) makes a request of any API operation, the sponsorAddress will be part of the request. A sponsor can have more than one requester.
3a: The requester makes a request to Airnode.
3b: Airnode adds the sponsorAddress to the request before passing the request to the API operation. The API operation performs a lookup on the sponsorAddress to verify it has a subscription. If verified the API operation returns the response to Airnode.
3c: Airnode returns the response to the requester.