How to store & use your private API keys in a NodeJS Web App

Avoid common security blunders — (1) API GET Requests, (2) Hardcoding in Source Code & (3) Allow-Origin-CORs Error

A common costly mistake I noted many developers making is exposing their private API Keys in plaintext by either (1) embedding it directly in the parameters of a GET request or (2) hardcoding it within the source code: