Safe to use API Key in client side code?

Want to make entirely sure that it’s okay to expose our JWT app API Key through client-side operations (usage in web SDK) and that no encryption is needed. I know the API Secret should absolutely not be exposed, but I couldn’t see it anywhere specified whether the same was true for API Key.

Hey @mattmcd,

Thank you for reaching out to the Zoom Developer Forum. Good question! It is indeed safe for you to expose your API Key in the Client-Side code of your application. As you noted, it’s the API Secret that you’ll want to secure through encryption when you provide a signature to the Client-Side.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.