API keys are used for authentication, they are simple encrypted strings that identify an application without any principal. API key '{GcpApiKey}' is not restricted only to required APIs. In order to reduce attack surfaces by providing least privileges, API-Keys can be restricted to use (call) only APIs required by an application