Hey! Thank you for your commenting. I was planning to cover this in part 3. Your solution is not really secure since the API key will ultimately be included in the bundle that is shipped to the client and will be visible in every network request in DevTools.
The right way to go about this is to build a backend and include the API key there so it’s invisible from clients. And of course, it should still be stored in an environment variable so it’s out of the source control.
I’m holding the production of part 3 for now because neither Next.js nor Remix are in a stable shape right now and I’m expecting some new and potentially breaking changes soon. I don’t want these changes to break my future course.