Correct me if I’m wrong. But it looks like, you’re trying to hide a API-key in client-side code, right?
If that’s the case, sorry to break it to you, but there’s literally no way to keep it completely hidden. No matter what you do, a client-side code is always accessible by anyone and someone desperate enough can dig into it and get the required material.
What you can do instead, is use something like Netlify Functions to fetch and return data from some API. In this way, you can keep your API key hidden in a Netlify Environment Variable. However, in most cases, you’d have to use NPM. NPM would be needed to access libraries like Firebase, FaunaDB, etc.