Is it safe to include keys/secrets in my client-side JavaScript app? : Kinvey Customer Support Portal

How can we help you today?

Start a new topic

Is it safe to include keys/secrets in my client-side JavaScript app?

Ivan Stoyanov

started a topic over 5 years ago

Wouldn't anyone be able to inspect the JavaScript, retrieve the secrets and gain access to my backend?

2 Comments

Ivan Stoyanov

said over 5 years ago

It is safe to include the app secret in client-side code (the same question is valid for native apps). The app secret has minimal privileges and uncovering it does not pose a risk to your data in any way.

For more information, see http://devcenter.kinvey.com/guides/security

Justin Noel

said over 5 years ago

Here's another stab at this same answer : http://calendee.com/are-baas-providers-secure/