api – How should I handle a scalability problem during routing my requests from server?

I have faced a problem with the initial design of my system where sensitive information was being sent to the front-end and front-end was responsible for calling 3rd party APIs. As you have probably guessed it was extremely vulnerable to attacks. To remedy this I added a back-end system to proxy those requests and call the 3rd party APIs on behalf of front-end. The issue with this approach is it is not scalable at all. I am currently looking at additional 15 servers to handle the current load and it is increasing day by day.

Any advice on how can I remove this back-end requirement? is there any way to make the front-end still call the APIs but secure the data?