The server key should be in the username component of the basic auth header, so the header should look like this pseudo-code: Authorization: Basic base64(defaultkey:). Actual header text should therefore look something like this: Authorization: Basic ZGVmYXVsdGtleTo=.
Load testing is a very complex topic. You need to ensure you’re running a production-scale and appropriately configured environment, look into reliable load testing tools (perhaps tsung) and set that up to run in a test environment that can generate enough load, and set up appropriate analysis of results so they’re useful in updating config or infrastructure if needed. Generally we recommend creating a workload that closely matches your game’s actual usage pattern to get the most relevant results.
You might also consider getting in touch with us about using our Managed Cloud to run servers for you, where we can take care of monitoring and scaling your infrastructure.