Frontend

Let’s say you’re making a react sdk that allows the installers users to send events to the sdk platform, where the installer can then view them. 

We can give the installer a publishable key to determine which events belong to them, but since this key is client side, couldn’t anyone spoof the key? 

Advice appreciated!

Staff Eng at Iron Fish 🐟 • Building BlockSocks 🧦 • Denver, CO 📍

couldn’t you set up a proxy server to spoof the referer?

You could have the installer specify allowed domains and only track events that come from that domain.