How can I hide an external API key in a WordPress PHP file?
You should use a dotenv (.env) file for your API key.
You can install support for dotenv (.env) via the vlucas/phpdotenv package with the Composer package manager for PHP on your server.
An easier option, if you don't have experience as you say, is to use the WordPress plugin dotenv. With this you will create a .env file and inside it you will write MY_API_KEY=123456; then, in your code, you can retrieve this .env key by using getenv('MY_API_KEY');
This is for PHP, but your code is JS, so you should install the npm package manager, then run npm i dotenv, then in your code use `Bearer ${process.env.MY_API_KEY}`.
Also, .env files should not be uploaded on GitHub.
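An added example, not part of the answer above: a small WordPress plugin file that loads the key with vlucas/phpdotenv and calls the external API from PHP, so browser JavaScript requests the site's own REST route and never receives the key. The route name `myplugin/v1/data`, the function `myplugin_proxy_request`, the upstream URL `https://api.example.com/v1/data` and the .env location are assumptions for illustration; phpdotenv v5 installed with Composer in the plugin directory is also assumed.

```php
<?php
/**
 * Plugin Name: API key proxy (added example)
 */

// Assumption: vlucas/phpdotenv v5 was installed with Composer in this plugin's directory.
require_once __DIR__ . '/vendor/autoload.php';

// Assumption: .env sits one level above the WordPress root, outside the web-served tree,
// so it cannot be fetched over HTTP. ABSPATH is defined by WordPress.
$dotenv = Dotenv\Dotenv::createImmutable( dirname( ABSPATH ) );
$dotenv->load();
$dotenv->required( 'MY_API_KEY' )->notEmpty(); // throws at load time if the key is missing or empty

add_action( 'rest_api_init', function () {
    // Hypothetical route: browser code calls /wp-json/myplugin/v1/data instead of the external API.
    register_rest_route( 'myplugin/v1', '/data', array(
        'methods'             => 'GET',
        'permission_callback' => 'is_user_logged_in', // do not expose the proxy anonymously
        'callback'            => 'myplugin_proxy_request',
    ) );
} );

function myplugin_proxy_request() {
    // createImmutable() populates $_ENV and $_SERVER; it does not call putenv(),
    // so the key is read from $_ENV here rather than through getenv().
    $response = wp_remote_get( 'https://api.example.com/v1/data', array( // placeholder upstream URL, fixed server-side
        'timeout' => 10,
        'headers' => array( 'Authorization' => 'Bearer ' . $_ENV['MY_API_KEY'] ),
    ) );

    if ( is_wp_error( $response ) ) {
        // Return a generic error; the WP_Error from the HTTP layer is not echoed to the client.
        return new WP_Error( 'upstream_failed', 'Upstream request failed', array( 'status' => 502 ) );
    }
    if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'upstream_status', 'Upstream returned an error', array( 'status' => 502 ) );
    }

    // Only the upstream response body is passed on; the Authorization header stays on the server.
    return rest_ensure_response( json_decode( wp_remote_retrieve_body( $response ), true ) );
}
```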