I haven’t used this package, but speaking generally, you would store credentials for an authenticated API on the server only (and do server-to-API calls).
A quick scan through that npm package suggests that you are able to access the public API from the browser, but also says:
“Note: this is not secure. People will be able to see your API key, and this is pretty much the worst idea™…”
And goes on to cover the case where your client proxies calls to the API through the server. In Meteor this is really easy with call/method and protects your credentials from the client.
Just a word of warning: don’t store your credentials in a public repo on GitHub (or wherever)!
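
The server-side proxy pattern described in the post above, as an added example that is not part of the original post or of the npm package it mentions. The endpoint, parameter list, method name `thirdParty.search`, settings key `thirdPartyApiKey`, response shape and Bearer-token header are all assumptions, and the Meteor wiring assumes a global `fetch` on the server.

```javascript
// Added example: server-side proxy so the API key never ships to the browser.
// Hypothetical names: API_BASE, ALLOWED_PARAMS, 'thirdParty.search', thirdPartyApiKey.
const API_BASE = 'https://api.example.invalid/v1/search'; // placeholder endpoint
const ALLOWED_PARAMS = ['q', 'page'];                     // all the client may control

// Build the upstream request on the server. The client supplies search
// parameters only; the credential is attached here (assumed Bearer scheme).
function buildUpstreamRequest(clientParams, apiKey) {
  if (typeof apiKey !== 'string' || apiKey.length === 0) {
    throw new Error('API key missing from server settings');
  }
  const url = new URL(API_BASE);
  for (const name of ALLOWED_PARAMS) {
    const value = clientParams ? clientParams[name] : undefined;
    if (typeof value === 'string' || typeof value === 'number') {
      url.searchParams.set(name, String(value));
    }
  }
  // Anything else the client sent (its own "key", "url", ...) is dropped.
  return { url: url.toString(), headers: { Authorization: `Bearer ${apiKey}` } };
}

// Return only the fields the client needs, so an upstream response that
// echoes the credential or account details does not leak through the proxy.
function toClientResult(upstreamJson) {
  const items = Array.isArray(upstreamJson && upstreamJson.items) ? upstreamJson.items : [];
  return { items: items.map((i) => ({ id: i.id, title: i.title })) };
}

// Meteor wiring: registered only inside a Meteor server process.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  Meteor.methods({
    async 'thirdParty.search'(clientParams) {
      // Top-level settings keys stay on the server; only settings.public
      // is sent to the client. Load the file with --settings and keep it out of git.
      const key = Meteor.settings.thirdPartyApiKey;
      const req = buildUpstreamRequest(clientParams, key);
      const res = await fetch(req.url, { headers: req.headers });
      if (!res.ok) throw new Meteor.Error('upstream-failed', `status ${res.status}`);
      return toClientResult(await res.json());
    },
  });
}
// Client: Meteor.call('thirdParty.search', { q: 'term' }, (err, result) => { /* render */ });
```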