How to secure my app id and api key?

I’m working on a mobile app for Android and iOS.
As we know, the app id and API key are required to initialize Backendless on the client side, and I don’t know how hard it is for hackers to get my code, but I think it is possible. And even if it’s not possible, I prefer to be on the safe side… And if they obtain my app id and API key, they can write a piece of code and get anything from my database.

First of all, am I misunderstanding something?
And if I’m understanding it, what is the best way to secure my app id and API key?

The app id and API key(s) are not meant to be secure. They are used by the backend to identify your app and the type of client which makes the request. What makes your backend secure is the security policy you put in place on the server side. That includes how you establish permissions for different roles/operations, whether you disable access to non-authenticated users, etc.
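
The split described in the answer, as an added example that is not part of the original thread and is not Backendless code: a simplified model in which the app id and API key only identify the caller, while a server-side policy keyed on the authenticated role decides access. All names, ids, keys, tokens, roles and tables are constructed for illustration.

```javascript
// Simplified model of a server-side security policy (not Backendless code).
// Every name, id, key and token below is constructed for illustration.
const APP_ID = "EXAMPLE-APP-ID";
// API key -> client type. These ship inside the app, so treat them as public.
const API_KEYS = new Map([["EXAMPLE-ANDROID-KEY", "android"], ["EXAMPLE-IOS-KEY", "ios"]]);
// Login tokens issued by the server after authentication.
const SESSIONS = new Map([
  ["token-alice", { userId: "alice", role: "authenticated" }],
  ["token-root", { userId: "root", role: "admin" }],
]);
// role -> table -> permitted operations. Anything not listed is denied.
const POLICY = new Map([
  ["guest", new Map()],
  ["authenticated", new Map([["Orders", ["find", "create"]]])],
  ["admin", new Map([["Orders", ["find", "create", "update", "remove"]], ["Users", ["find"]]])],
]);

function authorize(req) {
  // 1. App id and API key only identify the app and the client type.
  if (req.appId !== APP_ID || !API_KEYS.has(req.apiKey)) {
    return { allowed: false, role: null, reason: "unknown app id or API key" };
  }
  // 2. The role comes from a token the server validates, never from a client claim.
  const session = SESSIONS.get(req.userToken);
  const role = session ? session.role : "guest";
  // 3. The policy, not the key, decides what the request may do.
  const ops = POLICY.get(role).get(req.table) || [];
  const allowed = ops.includes(req.operation);
  return { allowed, role, reason: allowed ? "permitted by policy" : "denied by policy" };
}

// Constructed requests: the first carries only the values embedded in the app.
const keysOnly = { appId: APP_ID, apiKey: "EXAMPLE-ANDROID-KEY", table: "Users", operation: "find" };
const aliceReads = { appId: APP_ID, apiKey: "EXAMPLE-IOS-KEY", userToken: "token-alice", table: "Orders", operation: "find" };
const aliceDeletes = { ...aliceReads, operation: "remove" };
for (const r of [keysOnly, aliceReads, aliceDeletes]) {
  console.log(r.table, r.operation, authorize(r));
}
```

With valid keys but no login token the request is treated as a guest and denied by default, and a `role` field set by the client is ignored because the role is read only from the server-side session.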