Step 3 – API Key restrictions
If you want to prevent unauthorized use and quota theft, you should consider restricting your API Key. API Key restrictions let you specify which websites, IP addresses, or apps can use this key.
The default Key restriction is None, which means exactly that: no restriction at all. If you are going to expose the API Key in the wild, we strongly recommend not to use it. If the Key is not going to be exposed or shared, then you can consider no restriction at all.
Finally, if you are going to use the API behind a firewall and want to restrict what IP can access with your API Key you can enable IP addresses restriction. You can enter a list of comma-separated IP without restrictions.