In an mvc framework like angularjs, so far examples ive found stores the database credentials in an app.constant property in an app.js file, this is easily readable by users
in my case im connecting to mongolab via a service loaded from a mongolab.js file. my apikey is defined in there, and of course i have no access to the mongolab backend to have it receive a hash
what would be best practice to tackle this? preferably with pointers to some material i can study.
Why don't you connect to mongolab server side? Clientside will always be at risk, even if you use encryption.
In angular, you would have a service (using app.factory()), which connects via your service layer (using jsonp or another format), which will check his 'connector table' to call the right (external) service. Here is a very simple scheme:
Client (js) --> Server (java, php, ...) --> Service 1
--> Service 2