Exposing Widget Node Route to front-end

Exposing Widget Node Route to front-end

I'm building a widget that needs to contain an API key. So, naturally, this needs to be in the backend side of Node so that the code cannot be viewed in the browser console.

I've created an express route in the node backend, for example:
  1. expressApp.get('/api/get-key', (req, res) => {
  2.       // create auth key
  3.       key = "123445234";
  4.       res.status(200).send(key)
  5. });

On my localhost, I can easily grab this by exectuing this in the front-end of my widget:
  1. const res = await fetch('../api/get-key', {
  2.             method: 'GET'
  3.         });
  4. key = await res.text();

The problem is that when I publish this widget live, the URL is dynamically created. Every time my front-end JS tries to fetch the route, it hits a 404.

Any ideas, can someone point me in the right direction?
Or, is my approach to having the api key in the backend only wrong?

I'll take any advice you have for me! 

Thanks!
PJ