First of all, encrypting an API URL or key is not a way of making it secure. As whenever it get called you can easily log that in any HTTP traffic logger tools. (It’s completly pointless, you invited a tester without knowing the fundamentals of the thing you are using)
obfuscated text
Produces text, like a text block. The difference is that th etext is not easily discoverable by examining the app’s contents. Use this when creating apps to distribute that include confidential information, for example, API keys.
Warning: This provides only very low security against expert adversaries.
Source: MIT App Inventor Text Blocks
There are plenty of ways to securely transfer data or communicate with servers using API calls. One of the best method is encrypting data (Query Params | Body Params) of using a secured key ( Which you can protect using obfuscated text, but make sure not to transfer/share secured key during api calls.) and AES or any other encryption method. We do have security component available in builder.
For extra security you can even use methods like, Diffie Hellman key exchange, in which you can generate unique security key dynamically on client and server to securely communicate and transfer of data.
Changed Topic Category to Discussion, As it’s not relevant