Expose as public workflow - Am I at risk for leaking my API key?

All API calls are running server side (at the moment you didn’t activate the checkbox “try to run on client”, which is only available if you don’t have any headers or parameters).

The only way to expose the API key is if you set it dynamically in a parameter on the frontend. But I’m pretty sure this is not your case for this API and you set this in the API Connector correctly.