Restrict api key usage

Is there a way to restrict API key usage to a domain / IP ?
This ensures that even if someone gets hold of your key, they cannot use it outside the allowed domain or IP range.

I want to write some vanilla js code and use the api key. but i can’t without it being leaked in browser.
or should I just Use a Backend to Handle API Requests

Hello, @JesterOC.

You should make all requests through authorized users and issue roles and permissions for each user.
You can use user-roles for restrictions: User Management → Security Roles.

Regards, Nikita.