Got it! This thread here may be helpful. You can setup a nginx server that adds Authorization headers for a specific user to auto-authenticate requests. This is likely more secure than embedding credentials in your client-side code.
If this a public-facing site, I definitely recommend using credentials for a user with the kibana_dashboard_only_user role so they cannot modify any Kibana data.