Your backend proxies to the gated API services on the client's behalf. This also allows you to avoid CORS problems. API keys stay nice and secure in key vaults or env variables and your backend can do client validation and authentication before firing off the requests.