heypiotr
commented
6 years ago In your app's settings, you can uncheck the "Allow this app to configure your devices" box, and then the token only allows access that we consider safe for the public clients: read settings/tags/attachments/indoor locations; and upload telemetry/analytics data from the beacon.
And BTW, for questions, it's better to use Estimote Forums: https://forums.estimote.com
gchallen
Is it safe to expose the Estimote APP_TOKEN to the client, or should some steps be taken to obscure this value? (Although they are probably not going to be particularly effective.)
I'm just not sure what kind of other requests could be made using that token.