Hey,
i am using the web SDK, but as i see, the app key and secret must exist in client side for using zoom tags and objects.
i afraid from security issues - i don’t what can happen if somebody will steal the app key and secret - maybe he can create a lot of webinars or something like that?
please advise me how i can solve this issue?
i am using React(Javascript) FrontEnd.
Hi @sharon,
Thanks for reaching out. Actually, the Web SDK sample app code is not to be used in production as is, it’s supposed to get you quickly setup locally.
You will need to generate a signature using your API Key/Secret stored on the backend and then pass the signature to Zoom.init function on the frontend to start the meeting. Here are some sample codes to help you generate a signature[1].
1 - https://marketplace.zoom.us/docs/sdk/native-sdks/web/essential/signature
Let us know if you have any other questions.
Thanks
Hey,
Thank you very much.
it make sense, we will try it.
Thanks a lot!
Let us know if you have additional questions! 
-Tommy