Why is FORTE_API_TOKEN missing from my website?
It's left out deliberately. A website ships its code to every visitor's browser, so a token reachable from client code would let any visitor act as the project owner.
If a server-rendered site needs project-level API access, store the token as a Secret on the website and read it only in server-side code paths — or better, put that logic in a service.