If you set them as a environment variable and consume them in your application (via process.env or import.meta.env), yes.
Private keys should never be put in client (browser) code.
If the api has a public/private pair keys mechanism, you can put the public one in the frontend-code, the api sdk usually handles the authentication process. (stripe as an example)
If the api only gives you a private key, you should not do your request from the frontend but have a backend that will basically serve as a proxy to the api using the private key.
If you set them as a environment variable and consume them in your application (via process.env or import.meta.env), yes.
Private keys should never be put in client (browser) code.
If the api has a public/private pair keys mechanism, you can put the public one in the frontend-code, the api sdk usually handles the authentication process. (stripe as an example)
If the api only gives you a private key, you should not do your request from the frontend but have a backend that will basically serve as a proxy to the api using the private key.