Why does the Google Geocoding API work without key?

Providing a key is not required for most geocoding API requests. When you do not provide a key, Google will use an IP-based quota to determine when you reach the 2,500-queries daily limit.

Some parameters require a key and will not allow IP-based quota. These are explicitly marked in the documentation with:

Note: This parameter is available only for requests that include an API key or a client ID.

Currently, this is only for two parameters in reverse geocoding: result_type and location_type.

source

Beginning on June 11, 2018, you’ll need to enable billing with a credit card and have a valid API key for all projects. This will give you the ability to scale easily with less downtime and fewer performance issues. In addition, we’re simplifying our 18 individual APIs into three products: Maps, Routes, and Places.

Also, in June 2016 we announced that we would stop supporting keyless usage, meaning any request that doesn’t include an API key or Client ID. This will go into effect on June 11th, and keyless access will no longer be supported. At that time, keyless calls to the Maps JavaScript API and Street View API will return low-resolution maps watermarked with “for development purposes only.” Keyless calls to any of the following APIs will return an error: Maps Static API (including Static Street View), Directions API, Distance Matrix API, Geocoding API, Geolocation API, Places API, Roads API, and Time Zone API.

To avoid a service interruption to your projects, please visit our Get Started page to enable a billing account and generate an API key. Once you generate and secure an API key, make sure to update your application with the new API key.