I see in this thread that hiding credentials from the front end of a website is not possible, but I was wondering if there was an option to restrict calls to a single domain? To prevent the possibility of another site linking to the same content.
Currently Contentful does not restrict requests by domain.
You use your api keys (which should remain a secret) to access your data.
I would highly recommend putting your requests behind a server so that you can keep your keys private.
Here is a tonic example where a node server has the access key set up as an environment variable: