API Keys were created but requiring them to your APIs is still not enabled.

[ajcatambay]

So this plugin just creates the API Keys and associate these keys to usage plans, but not necessarily enable requiring the API Keys on the different API endpoints? Is that right?

I tried installing this plugin and it generated an API Key, but I am still able to proceed and get a successful response from my APIs even without passing an API key in the header.

[waggonerjake]

Did you set your private: true on your endpoints in the serverless.yaml?

Look at here, specifically at API Gateway v1 REST API to see that option.