Very nice @PaulRB!
The first way I can think of is to create a small REST API interface between your Server and Client…
Server could have something like an index.php script that does not expose your details, but does all of the requests to the spark API, and then returns the data to your client app.
The client app would be very similar to what you have there, but just sending requests to the index.php script.
See this example:
This would also work with any server technology really… like a node.js server. Anything you can create a robust API with that won’t expose or compromise your server.