Keep your API keys secret. Do not expose them in client code or public repos. Use environment variables.