Hi everyone,
I came across <this thread> via Goog...
# ask-questionss
square-umbrella-76652
12/03/2024, 9:46 AMHi everyone,
I came across this thread via Google but noticed it’s no longer available in the channel (possibly archived).
I’m seeking clarification regarding the potential risks of exposing the client key in the frontend. The thread mentioned that having access to the client key allows retrieval of feature flags and associated rules. My concern is whether these rules might contain sensitive details, such as customer information or business logic.
Could someone confirm if this is the case? Any guidance would be greatly appreciated!
Thanks in advance!
f
fresh-football-47124
12/03/2024, 10:54 AM
The client key identifies your SDK end point, and that's public
fresh-football-47124
12/03/2024, 10:55 AM
the API key, that should be kept secret if you created one
fresh-football-47124
12/03/2024, 10:55 AM
you can look at the SDK end point to see what its returning
fresh-football-47124
12/03/2024, 10:55 AM
it will contain the flags, and any rules and targeting conditions
fresh-football-47124
12/03/2024, 10:56 AM
this usually is safe and has no PII - but you can taget to a list of emails, or other PII and that may be exposed. We recommend not doing that or using hashed attributes in those cases
37 Views