There's no secure way of keeping API keys safe in JavaScript in the browser.
Best solution I've found is to build something similar to a proxy, you make the call to the service, but instead of sending it directly to the remote API, you send it to your own API which then adds the sensitive bits (like API key) to the message and then simply passes it through to the remote API and passes back the response.
This way you can also work around cross-domain issues.