The Appwrite API has two different modes he can work with, the first mode is the client mode which is the default mode and the second one, is the admin mode.
When using Appwrite from client-side you should go with the normal default mode. This mode allows every user of your project to access only resources he has access to. When running in admin mode, you remove Appwrite default access restriction and completely allow access to any of the resources available on your Appwrite project (files, documents, user account profile and more).
For security reasons, the admin mode only works in combination with an API key. You can create an API key from the Appwrite console and you can choose what scopes of access you are willing to grant your SDK client.
Please notice: passing an API key from a client SDK is a major security issue. Use your API key only from a server-side integration and make sure you store them securely and privately. There are many sources online that advise what are the best practices regarding the storing of secrets and API keys on your server.