Bitly | Third Party Tools for Publishers

To ensure that the security of your API key is not compromised, we strongly recommend that all shorten requests are made server-side. If this is not possible, we recommend that you encrypt or otherwise obfuscate your API key within the source code of your page. Note that even encrypted API keys can be compromised when passed to our server via client-side code.

via Bitly | Third Party Tools for Publishers