Profile photo for Aditya Rao

You can’t hide API keys on the frontend part of your website. However, there are a few cases, like Firebase, where API secrets are public but it doesn’t harm you, because privacy settings on Firebase can protect you from cross-site requests.

It is always a best practice to request third-party APIs from a backend server. On the server you can store API keys in environment variables or use one of the following services:

  1. https://aws.amazon.com/secrets-manager/
  2. https://www.vaultproject.io/
  3. https://azure.microsoft.com/en-in/services/key-vault/
  4. https://cloud.google.com/kms/docs/secret-management

For more details on web application best practices, you can refer to The Twelve-Factor App.
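
The backend-proxy pattern described in the answer above, as an added example that is not part of the original answer: the browser calls `/api/weather` on your own server, and the server attaches the key read from an environment variable. The upstream URL, the `THIRD_PARTY_API_KEY` variable name, the allowed query parameters and the Bearer header scheme are all assumptions made for illustration.

```python
"""Minimal backend proxy: the browser calls /api/weather, the server adds the key."""
import json
import os
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (hypothetical): upstream URL, env var name and query parameters.
UPSTREAM = "https://api.example.com/v1/weather"
KEY_ENV = "THIRD_PARTY_API_KEY"
ALLOWED_PARAMS = {"city", "units"}  # forward only what the frontend needs


def build_upstream_request(client_query: str, env=os.environ) -> urllib.request.Request:
    """Build the third-party request; the key comes from the server's environment."""
    key = env.get(KEY_ENV)
    if not key:
        raise RuntimeError(f"{KEY_ENV} is not set")  # fail closed, no default key
    params = {k: v[0] for k, v in urllib.parse.parse_qs(client_query).items()
              if k in ALLOWED_PARAMS}
    url = f"{UPSTREAM}?{urllib.parse.urlencode(params)}"
    # Assumed Bearer scheme; a header keeps the key out of URLs and access logs.
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})


class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        parsed = urllib.parse.urlparse(self.path)
        if parsed.path != "/api/weather":
            self.send_error(404)
            return
        try:
            with urllib.request.urlopen(build_upstream_request(parsed.query), timeout=5) as r:
                body = r.read()
        except Exception:
            # Generic error: never echo upstream details or the key to the client.
            body = json.dumps({"error": "upstream request failed"}).encode()
            self.send_response(502)
        else:
            self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The frontend then fetches `/api/weather?city=...` from its own origin, and the key never appears in any response or in the JavaScript bundle.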

© Quora, Inc. 2025