I need to host my client side API key on github pages to share my project. except the API key will be publicly shown in the source code since it is a client side API key. Does ESRI have any protections for this case?
It's a good question @gggg. Here is our official documentation on the subject:
In short, it's a good idea to limit your API key to consume only the services you require, and use the allowed referrer to limit usage to your app's URL. Also, you should monitor the API key's usage, and delete it when you're done, and/or rotate your API key as needed.