Comment on Commoditising and democratising investment technology
This is a much discussed topic when it comes to API keys and distributed client apps, and the most secure and widely adopted practise is to maintain a backend.
There’s simply no way to 100% securely hide the secret key in a client application.