Firebase Auth Security

[koji98]

Hello, I was wondering how to to secure firebase auth. I plan on using firebase JUST for user authentication (not using firestore or realtime db). Since the API key is exposed on the client, my fear is that a malicious user can find the key and start using it inappropriately. So far I've done the following to try to improve security:

1. Limit key use to a specific domain
2. Restrict the key to only be able to use "Identity Toolkit API"

Is there anything else I should do here?