The Appwrite API has two different modes he can work with, the first mode is the client mode which is the default mode and the second one, is the admin or server mode.
When using Appwrite from the client-side, you should go with the normal default mode. This mode allows every user of your project to access only resources he has granted access to. When running in admin mode, you remove Appwrite default access restriction and ultimately allow access to any of the resources available on your Appwrite project (files, documents, or collections).
For security reasons, the admin mode only works in combination with an API key. You can create an API key from the Appwrite console and you can choose what scopes of access you are willing to grant your SDK.
Please notice: passing an API key from a client SDK is a major security issue. Use your API key only from a server-side integration and make sure you store them securely and privately. There are many sources online that advise what the best practices regarding the storing of secrets and API keys on your server are.