This may be the same question as API key with IP restriction vs HTTP Referrer restriction
My issue is that I'm using a wordpress plugin that allows you to provide one Google API key, but uses that key for both javascript (client-side) calls to Google that I would normally pair with a HTTP referrer restriction in the google API console AND server-side calls to Google APIs that I would normally pair with an IP restriction. Is there any way to tell Google to whitelist both an IP and HTTP referrer domain on a single key? I presume I may need to ask the plugin developer to separate that into 2 keys such that I can restrict one to the IP and the other by HTTP referrer.
