i am creating a web application using django (python) and am also using the moralis sdk as a script on the front end. however, I realised that the front end code is visible to my users - thus exposing my serverUrl and my appId. Is there any way I can hide these from the client to prevent any security issues?
one example I can think of is users using my serverUrl and appId to overwhelm my server with requests and maybe even hit the limit.
so does this mean that exposing the appId and serverUrl in our application is ok as long as we have the right security configurations?
also, is there anywhere I can view how many requests I have used up so far and how many i have remaining?
yess 
just make sure your classes have the right permissions, the only thing that is sensitive is the master key which you need to keep for yourself no matter what cost!
And for viewing how many request made not entirely sure with this, maybe @cryptokid or @kresimir have any input?
thanks yoseph! Iโm actually not using the database / cloud functions, Iโm only using the authenticate and Web3API (getNFTsForContract), so I do not need to use the master key - correct me if Iโm wrong?
yeahhh thatโs cool you donโt need them mostly yeah master key is for cloud functions and in case you have custom nodeJS server
Hi @rahulsw, yes, you can view your total requests usage in your account, by going to Account Settings -> Payment -> usage
Even though you donโt need to use the master key, you still need to pay attention to what was said about security. You need to lock your application before going public, otherwise anyone with your ID will be able to change your database.
Hi, How do you block the application to avoid abuse by those who read the url and id?
Not sure, I am still in the development stage. But you should read the documentation at https://docs.moralis.io/moralis-server/database/security. All the best!