API key overview
API keys provide a way to secure content types for your application. They grant full access to the content types and entries for your project and should be protected the same way you would protect a password.
There are a few common scenarios to keep in mind when working with API keys:
Give each website/application its own API key, and provide a clear name and description to each key so you know what it is used for. If a specific API key is compromised, you can disable that key without disabling access to all of your other applications.
If a key needs to be shared, generate a new key and name it accordingly so it can be disabled if required. Never email an API key, because it allows access to your content for a given project if hackers were to compromise your email account.