If you use a backend search implementation, it's likely that all your search traffic is being directed through a single IP address (the address of your server).
Because every query then reaches Algolia from that one address, generating a new rate-limited Search API Key may impact normal search users in cases where there is a bot spike. You can still use a rate-limited API key, but you'll need to capture the IP of the end user and send it with the X-Forwarded-For header as part of the search query. You can read more about setting extra headers here: https://www.algolia.com/doc/api-reference/api-methods/set-extra-header/
As you manage the servers receiving the requests from your users and sending the requests on to Algolia, you can implement your own filtering and rate limiting to combat bots. Third-party providers like Cloudflare have tools you can use to protect against bots too: https://www.cloudflare.com/security/malicious-bot-abuse
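The two server-side steps described above, capturing the end user's IP for the X-Forwarded-For header and applying your own per-IP rate limiting, are shown together in the following added example. It is not Algolia's code or code from this page; the function names, the trusted proxy addresses and the limits are assumptions.

```javascript
// Added example; helper names and addresses are constructed, not Algolia's.
// Reverse proxies we run ourselves (assumption: each appends its peer address
// to X-Forwarded-For before passing the request on).
const TRUSTED_PROXIES = new Set(["10.0.0.5", "10.0.0.6"]);

// Resolve the end user's IP. X-Forwarded-For is client-controlled, so it is
// ignored on direct connections and otherwise walked right to left, stopping
// at the first hop that is not one of our own proxies.
function clientIp(socketAddr, xffHeader, trusted = TRUSTED_PROXIES) {
  if (!trusted.has(socketAddr)) return socketAddr;
  const hops = (xffHeader || "").split(",").map((h) => h.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trusted.has(hops[i])) return hops[i];
  }
  return socketAddr;
}

// Fixed-window limiter: at most maxPerWindow requests per IP per windowMs.
function makeLimiter(maxPerWindow, windowMs, maxTracked = 100000) {
  const windows = new Map(); // ip -> { start, count }
  return function allow(ip, now = Date.now()) {
    if (windows.size >= maxTracked) {
      // Evict expired windows so stale IPs do not accumulate.
      for (const [k, w] of windows) {
        if (now - w.start >= windowMs) windows.delete(k);
      }
    }
    const w = windows.get(ip);
    if (!w || now - w.start >= windowMs) {
      windows.set(ip, { start: now, count: 1 });
      return true;
    }
    w.count += 1;
    return w.count <= maxPerWindow;
  };
}

// Gate one incoming search request, then build the extra header to send with
// the Algolia query so the rate-limited key is counted per end user.
function prepareSearch(socketAddr, xffHeader, allow, now) {
  const ip = clientIp(socketAddr, xffHeader);
  if (!allow(ip, now)) return { status: 429, ip, headers: null };
  return { status: 200, ip, headers: { "X-Forwarded-For": ip } };
}
```

Taking the leftmost X-Forwarded-For value instead would let a client choose the address it is counted under, which defeats both your own limiter and the per-IP limit on the API key.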