Redirect Notice

As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.

You will be automatically redirected to SupportLink in 10 seconds.

How can we help you today?

Start a new topic
Discussions Kinvey Forums General Discussion

app secret not a secret?

Hi I am new to this so please excuse me if this is dumb question. I have been playing with the HTML5 integration when I realised that my appKey and appSecret are exposed in the JavaScript that is loaded by the browser where anybody can read it. I always thought authentication must happen on the server side, lat's say in PHP script. What is the use case for the HTML5 integration?
2 CommentsSorted by Newest First
Hi Gal



that actually explains a lot. Thanks

Hi Daniel, the app secret has very limited privileges, and as such it is safe to include it in a client-side app. Usually, the app secret is then used to register users, and the users' credentials/auth tokens are then used to perform more sensitive operations. For more detail on the three types of authentication and the appropriate uses for each of them, please check http://devcenter.kinvey.com/rest/guides/security#credentials
Login or Signup to post a comment
More topics in General Discussion
See all 316 topics