I am going to make a simple web app. It will only have a few pages at most, and the main focus of the app is making calls to an api and doing stuff with that info.

I want to know what the best way is to keep my api key secure. Are there extremely lightweight frameworks that I can use for this? Should I just create a php page at the root? I could build something with codeigniter, but that seems like it is too much for what I need.

Keep the API key in a file outside of your web root. Then include that file in any file that will require its use. By placing it outside of the web root it cannot be accessed directly through a web browser or other similar means.

<?php
    // Assuming this file is in the web root
    require('../api_keys.php');