Logging in with the personal API key is recommended for automated workflows or providing access to an external application.
Logging in with email and password is recommended for interactive sessions.
Also
Logging in using email and master password uses your master password and can therefore string together the login and unlock commands to authenticate your identity and decrypt your vault in tandem. Using an API key or SSO will require you to follow-up the login command with an explicit bw unlock if you will be working with vault data directly.
This is because your master password is the source of the key needed to decrypt vault data. There are, however, a few commands that do not require your vault to be decrypted, including config, encode, generate, update, and status.