Hi, @simonxcode. The environment variables exist in the build system alone. They do not exist anymore once the build completes.
If you want to keep your API a secret (meaning not embedding in in the client side javascript where anyone could steal it) then the solution is to use Functions to do so.
There is a support guide about this here:
Would you please read that support guide above and then let us know if there are other questions about this?