Regenerate a regular/master API Key if you suspect it has being compromised. A regenerated API Key grants the same permissions as before, but has a new code/token. Maps/apps using a regenerated API Key must be updated to adapt to that change, otherwise they will stop working.
Send always an API Key in your API requests
Issue a new regular API Key per map/app. Try to avoid sharing keys between maps/apps
Grant the least amount of necessary permissions per API Key
Use the Master API Key sparingly
Keep your Master API Key secret!
Do not overuse the Default Public API Key. It’s meant for obviously public Datasets.