Do you need to set up different API key restrictions?
"An API key is unrestricted by default. Unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides.
"For production applications, set both application and API restrictions."
Adding restrictions to API keys