Just to extend onto Brians perfect answer.
If you have an API key that was given to you and you alone like a serial number for an application, and the API key provided is not locked down by Domain name usage then using Client Side would expose your API Key to anyone that would like to use it, and that is really not a good situation, and you should then rather use Server Side to hide the sensitive data.
If the API key is however free for the public to use then a client side API call would be fine.
-
A user looks for the hotel is one API call to get a listing of possibly 100 hotels within their selected area, this is a slower API call because you are using a wide query parameter of City in your case, so could produce multiple results.
-
The user then clicks the hotel they are interested in should be a second API call as the hotel data will probably be to different query parameter of an ID or the hotel name or something, and will probably have more hotel data attached to it than the basic one used for a full listing above.
-
The user then chooses to book the hotel and it goes through to either a Siteminder / Booking Button, Bookeo, Nightsbridge, Activitar, type system that should be compatible with multiple booking systems used by the physical hotels such as Galeleo, GDS, Amadeus, etc. As you need to be compliant with whatever channel manager the hotel uses with their reservations system.
In my opinion you should be only using server side API calls in an application like you are trying to make.
EDIT: If I can give you one strange piece of advice, make sure that you do this all on a secure environment with SSL because other applications you may want to interact with later will not allow a call from a non SSL domain, I have found this issue with WETU, and you might want to get much of your data from WETU API calls as far as wording and imagery go.