Should secret keys be hidden from users?

+1 vote
I noticed that in the Javascript API I should put my secret key into the javascript.  If the javascript is running in the browser, is this a security concern?  Or are those keys not really a "secret" so much as a way to identify the app?  That is, the key doesn't get any privileges to the user, only if they can log in as an adminstrator will they get any "powers" from using the secret key?
asked Nov 24, 2014 in App42 Cloud API-BaaS by dobesv (26 points)
closed Nov 24, 2014 by dobesv

1 Answer

+1 vote
I think I found my answer here:

http://api.shephertz.com/tutorial/Securing-Your-App/?index=security-acl

Basically the secret key isn't used for authorization if ACLs are turned on, the admin key would be used for that purpose, or a user account.
answered Nov 24, 2014 by dobesv (26 points)
Download Widgets
Welcome to ShepHertz Product line forum, where you can ask questions and receive answers from the community. You can also reach out to us on support@shephertz.com
...