REST API authentication strategies when using OpenID

What sort of mechanisms are people using to expose their APIs to people
if
they use OpenID?

On a recent project, I just generated an email + api key pair for each
account and I tell people to use that, then my authentication system
looks
for that in lieu of openID credentials. I’d really be interested to see
what others are doing.

Thanks!

-Brian