Using both Key Authentication and OAuth2 plugins on same API

I declared many APIs (v12.3) with specifics uris (including regex) and method.

Some APIs need to be consumed by a different type of consumers. For that, I enable ACL plugin and define different groups.
Assuming that we have a group for users using oauth2 authentication and another group for devices using key authentication.
By enabling both plugins on the same API, I expected to have a choice to provide a key or an access token… unfortunately, it requires to provide both.
By defining two same APIs and using one plugin in each one, cause the rules are similar, Kong choose the first API declared (default behavior) then one type of consumers cannot authenticate.
Do I miss something on my way to use Kong and authentication plugins?

I have a workaround using different uris but same upstream urls … but not really nice for the customer.
Thanks in advance for any advice and help should be helpful - let us know if it isn’t!

Many thanks for the prompt and helpful answer

Just one question.
I supposed that I need to set anonymous on the plugin with high priority cause if it set in both, this will allow anonymous user to hit the enpoint… right?

Please continue reading that same doc I linked you to previously - I believe the answer you seek is in “NOTE 1”

I missed the meaning of that “NOTE 1” on the first reading… ^^’’’
Thank you very much for your help

If you missed it, other may be missing it too - and it’d be great to fix that! We welcome pull requests to improve Kong’s documentation - please consider improving that note, or that entire section, here