its very very risky currently for organizations and anyone can use the key

it should only be hitted from backend server IP and rest all restriction