How to handle API Keys

[thelicato]

Is it safe to disclose my API Key (not the secret) to the users of my app? For example returning it in the body of a response to later use it to upload signed files?

[PixelCook]

Hi there,

The API key is fine to have public. You should never expose your API secret in client-side code or in any other way outside your organization.

Read more about API keys via our docs:
https://cloudinary.com/documentation/developer_onboarding_faq_find_credentials