Cryptography Question ( About security of Keys )

Hello Gus ,

I Have here 2 questions about Keys …
First : If I am Using AES-128 or 256 or any no one can Know my key throw 3rd party programms and decode the Hash ? as we do it for Securing API … I don’t have a huge knoweldge about this subject but if API can be extracted by 3rd Party Apps why not Key too ?
or API Can be extracted because of Online Connection and that don’t considered on “Key”

Second Question : is it better to set " Key" in Design or in Blocks using “Obfuscated text” or there is no diff where to place they “Key” … same for API + Spreedsheets Base IDs … etc