It’s important that you never expose the API key to your frontend. What you can do to refresh the token is set it up so that whenever you want to update it, you call your server side to get a new token. That way, you don’t need to expose the API key because it sits securely on your server side.