You can set permissions for user-owned API keys when you create a new secret key or by editing an existing key. Organization or project owners can create service account keys from the Service account owner option. If you do not see this option, ask an organization or project owner to create the service account key. The key-creation dialog does not show these permission controls for service account keys.
To create a new secret key, select Create new secret key in API Keys page of the Developer Platform. Once created, you can edit a key by selecting the edit icon.
Three levels of permissions are available: All, Restricted, and Read Only.
All — Full permissions are set for the secret key. This is the default setting.
Restricted — Lets users choose specific API-key scopes for resources/endpoints. Available choices vary by resource and can include None, Read, Write, or request-specific permissions.
For example, you create an API key that specifically does not have permission to Read or Write to the /v1/assistants endpoint:
Read Only ― Read permissions are set for all endpoints.