Hi, @JpMaxMan, that answer depends on if you are calling that API during the site build process or at browse time.
If it is during the site build process, I would recommend storing the API key in an environment variable:
If on the other hand the API is used after the site is deployed, then the recommended best practices are to use a serverless function as a wrapper. This keeps the key out of the end user’s browser. More information can be found at the support guide link below:
Please let us know if there are any questions and, if so, which situations above applies to your site.