Web SDK Security - APP Key+Secret

i am using the web SDK, but as i see, the app key and secret must exist in client side for using zoom tags and objects.

i afraid from security issues - i don’t what can happen if somebody will steal the app key and secret - maybe he can create a lot of webinars or something like that?

please advise me how i can solve this issue?
i am using React(Javascript) FrontEnd.

1 Like

Hi @sharon,

Thanks for reaching out. Actually, the Web SDK sample app code is not to be used in production as is, it’s supposed to get you quickly setup locally.
You will need to generate a signature using your API Key/Secret stored on the backend and then pass the signature to Zoom.init function on the frontend to start the meeting. Here are some sample codes to help you generate a signature[1].

1 - https://marketplace.zoom.us/docs/sdk/native-sdks/web/essential/signature

Let us know if you have any other questions.


1 Like

Thank you very much.
it make sense, we will try it.

Thanks a lot!

1 Like

Let us know if you have additional questions! :slight_smile: