added clarifications for API key + high avail

docs/production-deployment/cloud/get-started/api-keys.mdx

@@ -341,21 +341,24 @@ Workflow access secure.
 ## API keys for Namespace authentication {#namespace-authentication}
 
 Create a Namespace with API key authentication as an alternative to mTLS-based authentication by selecting "Allow API
-key authentication" during setup. The gRPC endpoint format for the Namespace depends on the authentication method:
+key authentication" during setup. The gRPC endpoint format for the Namespace depends on the authentication method and whether or not High Availability features are enabled.
 
-- For API key connections, use the gRPC regional endpoint `<region>.<cloud_provider>.api.temporal.io:7233`.
-
-Use this gRPC endpoint in the Temporal CLI or SDK to connect to Temporal Cloud with an API key.
+See the following documentation for [accessing Namespaces](/cloud/namespaces#access-namespaces) for more information.
 
 :::info
 
-For [Namespaces with High Availability features](/cloud/high-availability) with API key authentication enabled, use the
-gRPC Namespace endpoint: `<namespace>.<account>.tmprl.cloud:7233`. This allows automated failover without needing to
-switch endpoints.
+The difference between the two endpoints means that when switching on or off High Availability features for a Namespace, you may need to update the gRPC endpoint used by your clients.
+See [Disable High Availability](/cloud/high-availability/enable#disable) for more information.
 
 :::
 
-See the following documentation for [accessing Namespaces](/cloud/namespaces#access-namespaces) for more information.
+### Without High Availability features
+
+Use the gRPC regional endpoint `<region>.<cloud_provider>.api.temporal.io:7233`.
+
+### With High Availability features
+
+Use the gRPC Namespace endpoint: `<namespace>.<account>.tmprl.cloud:7233`. This allows automated failover without needing to configure worker(s) with both endpoints. These endpoints will still work, but in the event of a failover, there is a brief period of unavailability between your workers and Temporal server. 
 
 ## Use API keys to authenticate {#using-apikeys}
 

docs/production-deployment/cloud/get-started/namespaces.mdx

@@ -251,14 +251,29 @@ Sample workflowId convention:
 Temporal Cloud normally supports authentication to Namespaces using [API keys](/cloud/api-keys) _or_ [mTLS](/cloud/certificates).
 If you need to migrate from one authentication method to another, or you require both API key and mTLS authentication to be enabled on your Namespace, please contact [Support](https://docs.temporal.io/cloud/support#support-ticket).
 
+:::info
+
+Requiring both API key and mTLS is in [public preview](/evaluate/development-production-features/release-stages), and doesn't currently support [High Availability features](/cloud/high-availability).
+
+:::
+
 See the documentation for [API keys](/cloud/api-keys) and [mTLS certificates](/cloud/certificates) for more information on how to create and manage your credentials.
 
 Authentication methods require specific endpoints in order to programmatically access your Namespace.
+There are two types of gRPC endpoints for accessing a Namespace in Temporal Cloud: a namespace endpoint (`<namespace>.<account>.tmprl.cloud:7233`) and a regional endpoint (`<region>.<cloud_provider>.api.temporal.io:7233`).
+Which one to use depends on your authentication method and whether your Namespace has [High Availability features](/cloud/high-availability) enabled, as shown in the table below.
 
-- For the API key authentication method, use the gRPC regional endpoint `<region>.<cloud_provider>.api.temporal.io:7233`.
-- For the mTLS authentication method, use the gRPC Namespace endpoint `<namespace>.<account>.tmprl.cloud:7233`.
-- For [Namespaces with High Availability features](/cloud/high-availability) use the gRPC Namespace endpoint `<namespace>.<account>.tmprl.cloud:7233`, regardless of your authentication method.
-  This allows automated failover without needing to switch your endpoint.
+|                        | Not High Availability | High Availability                                                                |
+|------------------------|-----------------------|----------------------------------------------------------------------------------|
+| mTLS Authentication    | Namespace             | Namespace                                                                        |
+| API Key Authentication | Regional             | Both work, but Namespace is recommended because it reduces the unavailability window during a failover event |
+
+:::info
+
+The difference between the two endpoints for API Key Authentication means that when switching on or off High Availability features for a Namespace, you may need to update the gRPC endpoint used by your clients.
+See [Disable High Availability](/cloud/high-availability/enable#disable) for more information.
+
+:::
 
 For information on how to connect to Clients using a specific authentication method see the following documentation.