We don’t have specific recommendations for how you choose to hide the API key on your end.
We recommend reviewing these three documents:
Depending on your concern, you may want to create a limited key that you distribute to users that is sufficiently limited for your case. This doesn’t hide it, but it makes the key more limited.
Another option is creating a secured API Key, but this can only be generated for search only API keys.
For more general questions about security best practices, please refer to our guide here on security best practices as well as our other document here on shared responsibility.