There are two options:

1. You either build some kind of backend that keeps API secrets away from the frontend, and it will make sure they are only used in authorized cases.
2. You will use some access tokens that are safe to be shared publicly.

If you have access to some data on the frontend side, it's already outside your control.