This unfortunately is the only secure way to use authenticated APIs in the browser.
3rd party API usage in the browser via CORS only works for non-authenticated endpoints, otherwise anyone visiting your site would have access to your private key (which should be treated as though it were your account password.)