HTTP referrer URLs will let you whitelist domains from which API calls originate. We've setup a quick post with details here.
You can define a list of URLs authorised to call our APIs or Maps with an access token. If not specified or empty, the API will default to any URL. URLs can be targeted by matching a prefix or a suffix using the * character. For multiple HTTP referrers, specify one pattern per line.
Please login to the user dashboard and click on 'Access Tokens' and then 'View' on a specific token.
A few examples:
"https://example.com/* will restrict access to all referrers starting with https://example.com
*.example.com will restrict access to all referrers ending with .example.com
If you want to allow access for the full domain example.com, you can use *example.com/*