Treat your API key like a password. Do not share it publicly. Regenerating a key will invalidate the old one immediately.