Web SDK - Realm App ID


I 'm currently using the realm web-sdk for the client side, and had to include the realm app id to initialize the a new Realm.App instance for logging in and calling user.functions etc.

Issue: anyone who visits the site can do a quick inspect and find out the Realm App ID.

Question: are there any creative ways to hide the realm app ID on the client side browser?

would using a webhook to retrieve the realm app id help? (although the user can still interject and view the app id)

or would using a webhook to perform all subsequent login/user functions do the trick.


Is there a particular reason that you’re concerned about end users finding your App ID?

A Realm App ID is a non-sensitive, public ID so there should be no reason to hide it. That is, if someone has your App ID they can’t do anything they couldn’t already do with your app.

The reason this works is because Realm (a) makes you log in with user-specific credentials and (b) enforces rules on the backend - these are your app’s security measures and end users have no way to view or modify your rules.

1 Like

It is a good clarification, I had the same question and I was looking for an answer for a long time, for those who are just starting out and do not know much it is a common question, it would be excellent to add a manual note to save time, the clarification is greatly appreciated App ID is a non-sensitive information @nlarew