If anyone can catch the request using tools like “Charles Proxy”, he can get the application-id and secret-key that appear in the request header.
Is there any way to handle this?
Even if you are using a native mobile app, if anyone can catch the request headers using tools like “Charles Proxy”, he can use the same API with the key and secret. I will do more research about it and I will add my suggestion if I find anything that will help. BTW, great work, thanks all.
My point is this: hiding your secret key is NOT the way to secure your app. Yes, anyone can get your key using Charles; that is exactly the reason why you should secure your app using Backendless roles and permissions.