How secure are app properties?

I’m currently working on a project where I have to store a single string somewhere that is really 1:1 on a per tenant basis. How safe is it to store this string as an app property?

It used to be that the admin of the instance could retrieve this string (as well as that they could manipulate it) however I’m having an issue recreating this now. Has this behavior changed(or did I do a bad job recreating it?)?

/Daniel

3 Likes

Well, an end user can use AP.request on the front end to get the App properties for a particular app. So anybody that has access to that tenant effectively has access to App properties:

3 Likes

@daniel @danielwester Also note that if the target instance is open to anonymous users, the app property will not be available to the end user, so your app likely will not function for those users
- which relates to this unfortunately closed/won’t fix issue.

An example use case for this is storing the Google Analytics tracking ID (usually in the format UA-XXXX-YY) in an app property, so that an app can send the tracking event to Google Analytics.

1 Like

I guess you mean [AC-1908] - Ecosystem Jira

1 Like

Yup. Fixed the link. Thnx.