thx for the further explanation @lolaswift1, now I understand your concern
you are right I don’t really see a solution right now right here.
spontaneously I’m asking my self if it would be possible to load the script asynchronously and get/receive the key from the backend.
or is it possible to specify a domain thru kind of a proxy in order to secure the access for the key in the API console? (see screenshot)
Update: I’m still thinking about it because in order to be PWA compatible I rather not use plugins. So I was just thinking about the idea of getting the key from the backend but actually that’s not a 100% secure solution neither. Ok it won’t be shipped with the app anymore but some sneaky person could still find it by sniffing or reading it once loaded 