#Is it safe to expose the reverb app key in an client e.g. react spa or react native app?

Hi everyone
I have a WS connection setup between my laravel backend and react native frontend. And I want to make sure that I am not exposing anything that I am not supposed to expose.

So my question is, is it safe to expose the REVERB_APP_KEY to a client? Because as I understood it, I need this key in my react native to even establish a connection to the backend

the following is an excerpt from my react native app

  const echoInstance = new Echo({
        broadcaster: "reverb",
        key: process.env.EXPO_PUBLIC_REVERB_APP_KEY,
        wsHost: process.env.EXPO_PUBLIC_REVERB_HOST,
...

This is where i need init the connection and I use the key.

Is this safe to do? I am not sure how else I could do it.

Best Regards

That's correct, the key is exposed. It's kind of like a public key. With that you can listen to events, one would need to ID and secret to interact with the server
Granted, if you're on a recent version, because it was exploitable without the secret