Exposing API keys

On the front-end, such as the Twitch API, I am not aware of any way to use an API key but not expose it.
The worst thing that should be possible when exposing an API key to the client is they use it and hit an API limit. If they can do anything worse than that, then you shouldn’t be exposing the key to the client.

On the back-end it's much easier to hide API keys, such as a Client ID or a Secret, by using a `process.env` variable to store the value of the key on the server, and then just referencing that variable whenever you need to use the key, like how the FCC KB suggests using a `process.env` variable for the MONGOLAB_URL when setting up MongoDB for deployment to Heroku.

Looking back at my Twitch Project, I just followed the steps in this FCC KB on building the Twitch Project without an API key:
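
The back-end approach described in the post (key held in a `process.env` variable and referenced only on the server), sketched as an added example that is not part of the original post or the FCC KB. The variable name `TWITCH_CLIENT_ID`, the `/api/stream` route, the helper names, the channel-name allowlist and the placeholder upstream URL are all assumptions.

```javascript
// Added example. UPSTREAM is a placeholder URL, not a real API endpoint.
const UPSTREAM = 'https://api.example.invalid/streams';

// Read the key from the server environment; fail closed if it is unset so a
// misconfigured deploy never falls back to a key hard-coded in source.
function loadClientId(env = process.env) {
  const id = env.TWITCH_CLIENT_ID; // assumed variable name
  if (!id) throw new Error('TWITCH_CLIENT_ID is not set');
  return id;
}

// The browser supplies only a channel name. The server validates it against
// an assumed allowlist and attaches the key as a header on the outbound call.
function buildUpstreamRequest(channel, clientId) {
  if (typeof channel !== 'string' || !/^[A-Za-z0-9_]{1,25}$/.test(channel)) return null;
  return {
    url: `${UPSTREAM}?user_login=${encodeURIComponent(channel)}`,
    headers: { 'Client-ID': clientId },
  };
}

// Relay upstream JSON to the browser, masking the key if the upstream echoes it.
function toClientBody(upstreamJson, clientId) {
  return JSON.stringify(upstreamJson).split(clientId).join('[redacted]');
}

// The key is loaded once at startup; the returned handler serves
// /api/stream?channel=NAME and never sends the key to the client.
function makeHandler(env = process.env) {
  const clientId = loadClientId(env);
  return async (req, res) => {
    const channel = new URL(req.url, 'http://localhost').searchParams.get('channel');
    const upstream = buildUpstreamRequest(channel, clientId);
    if (!upstream) { res.writeHead(400); return res.end('invalid channel'); }
    try {
      const r = await fetch(upstream.url, { headers: upstream.headers });
      res.writeHead(r.status, { 'Content-Type': 'application/json' });
      res.end(toClientBody(await r.json(), clientId));
    } catch (err) {
      res.writeHead(502); // generic error: no upstream details in the reply
      res.end('upstream error');
    }
  };
}

// Wire-up: require('http').createServer(makeHandler()).listen(process.env.PORT || 3000);
```

The front-end then calls `/api/stream?channel=NAME` on your own server instead of the third-party API, so the key never appears in page source or in the browser's network tab.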