Description
Want to make entirely sure that it’s okay to expose our JWT app API Key through client-side operations (usage in web SDK) and that no encryption is needed. I know the API Secret should absolutely not be exposed, but I couldn’t see it anywhere specified whether the same was true for API Key.
Hey @mattmcd,
Thank you for reaching out to the Zoom Developer Forum. Good question! It is indeed safe for you to expose your API Key in the Client-Side code of your application. As you noted, it’s the API Secret that you’ll want to secure through encryption when you provide a signature to the Client-Side.
Thanks,
Max
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.