Hi @patryks, thank you for posting your question here. I think there is some confusion over the term API key.
An API key is used primarily for location services. It can also access private items in a portal.
https://developers.arcgis.com/documentation/mapping-apis-and-services/security/api-keys/
We also discuss best practices for accessing secure or private content with the ArcGIS Maps SDK for JavaScript.
https://developers.arcgis.com/javascript/latest/secure-resources/
However, the cause of the issue you're seeing could be because a FeatureLayer can be published to a portal, but because a MapImageLayer is server-side, it must be published to Enterprise, and then it can be shared to a portal. So that may be why MapImageLayer and Sublayer do not have an apiKey property, but FeatureLayer does. I would recommend looking at the guide page for tips on working with a secured MapImageLayer.