Start a new topic

Is it safe to include keys/secrets in my client-side JavaScript app?

Wouldn't anyone be able to inspect the JavaScript, retrieve the secrets and gain access to my backend?

It is safe to include the app secret in client-side code (the same question is valid for native apps). The app secret has minimal privileges and uncovering it does not pose a risk to your data in any way.

For more information, see
Here's another stab at this same answer :
Login or Signup to post a comment