If “API key” refers to “client_secret” in information from ttyridal, Duplicati would presumably not embed it in source, but manually enter it into the Duplicati OAuth Handler. See How we get along with OAuth for more. Seemingly this difference is enough for Amazon, unlike the Amazon Drive bans rclone storage client case.
Still, it seems worth somebody testing the rclone Duplicati backend with Jottacloud, while awaiting new API. Possibly their code will finish and “just work” if Jottacloud kills the old API before Duplicati’s code is done…