Constant API Key Failures in Logs after enabling security

Just recently set up an Elasticsearch server. after enabling security and SSL I am seeing just constant apikey errors in the logs.
Even if I shut down all other parts of the system (kibana/beats/fleet) they are still coming through.
with several different keys too.
Any idea what this could be or how I can see what host the connection is coming from.

14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>

You can check the source IP in audit logs if the cluster license is Gold+ (or Trial).