API Key
The secret credential that authenticates and bills your API calls — and must never reach a browser.
An API key identifies your account to the provider. Anyone holding it can spend your budget and read your usage, so keys belong on a server or in a secrets manager, never in front-end code or a public repository. Rotate them and scope them wherever the provider allows.
In practice: A key committed to a public repo gets found and used within minutes.