Web SDK - Realm App ID


I 'm currently using the realm web-sdk for the client side, and had to include the realm app id to initialize the a new Realm.App instance for logging in and calling user.functions etc.

Issue: anyone who visits the site can do a quick inspect and find out the Realm App ID.

Question: are there any creative ways to hide the realm app ID on the client side browser?

would using a webhook to retrieve the realm app id help? (although the user can still interject and view the app id)

or would using a webhook to perform all subsequent login/user functions do the trick.


Is there a particular reason that you’re concerned about end users finding your App ID?

A Realm App ID is a non-sensitive, public ID so there should be no reason to hide it. That is, if someone has your App ID they can’t do anything they couldn’t already do with your app.

The reason this works is because Realm (a) makes you log in with user-specific credentials and (b) enforces rules on the backend - these are your app’s security measures and end users have no way to view or modify your rules.