
How to restrict a Google API key to a single service?


I've made a project in Google API Console. The project uses 2 services: YouTube Data API and Google Maps JavaScript API. The first service is server-to-server, so its API key is not exposed. The second service is client-to-server, so its API key is exposed (sent to the browser in the HTML code). If I use the same key for both the Maps API and the YouTube API, a user can take the key and use it to interact with YouTube on my behalf (this is a problem).

A solution is to use separate keys for the APIs. How can I get an API key which is allowed to be used with the Maps API but not allowed to be used with the YouTube API?


Solution

  • Make two projects in Google API Console:

    1. A project with server-to-server APIs enabled (YouTube API). The project API key is used only on the server and not exposed.
    2. A project with client-to-server APIs enabled (Google Maps API). The project API key is exposed but can't be used to access YouTube because the YouTube API is not enabled in the project.
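The check below is an added example, not part of the original answer: it audits a project and key inventory for browser-exposed keys that can reach an API meant only for the server. It assumes, as in the question, that a key can call every API enabled in its project; the project names, key names and inventory data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiKey:
    name: str      # hypothetical label for the key
    project: str   # project the key was created in
    exposed: bool  # True if the key is sent to browsers in page source

def audit_exposed_keys(enabled_apis, keys, client_side_apis):
    """Return {key name: [APIs the exposed key can reach but should not]}.

    enabled_apis maps project name -> APIs enabled in that project.
    client_side_apis lists the APIs that are meant to be called from a browser.
    """
    allowed = set(client_side_apis)
    findings = {}
    for key in keys:
        if not key.exposed:
            continue  # a server-only key never leaves the server
        if key.project not in enabled_apis:
            raise KeyError(f"key {key.name!r} refers to unknown project {key.project!r}")
        overreach = set(enabled_apis[key.project]) - allowed
        if overreach:
            findings[key.name] = sorted(overreach)
    return findings

CLIENT_SIDE = ["Google Maps JavaScript API"]

# Constructed layout from the question: one project, one key used everywhere.
SHARED_APIS = {"site": ["YouTube Data API", "Google Maps JavaScript API"]}
SHARED_KEYS = [ApiKey("shared-key", "site", exposed=True)]

# Constructed layout from the answer: one project per trust boundary.
SPLIT_APIS = {
    "site-server": ["YouTube Data API"],
    "site-client": ["Google Maps JavaScript API"],
}
SPLIT_KEYS = [
    ApiKey("server-key", "site-server", exposed=False),
    ApiKey("browser-key", "site-client", exposed=True),
]

if __name__ == "__main__":
    print("shared:", audit_exposed_keys(SHARED_APIS, SHARED_KEYS, CLIENT_SIDE))
    print("split: ", audit_exposed_keys(SPLIT_APIS, SPLIT_KEYS, CLIENT_SIDE))
```
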