How to protect the Realm app id?

Hi All,
I have a simple question. When using the realm sdk for web, I need to specify the Realm app id in my frontend app. Can this be misused? If the realm app rules allow inserts, then what prevents someone from spamming my collection with inserts from his own app?


@Debashish_Palit : Welcome to the community.

Realm App id can considered as private property your app and shouldn’t be exposed, but can it misused is hard to answer.

Multiple features are available that can help you prevent such situation like

  1. MongoDB Realm doesn’t allow unauthenticated user access to the Realm Sync.
  2. You can enforced document structure validation while writing information.
  3. Development Mode should be disabled while realising app to production.
1 Like