I am trying to integrate PayPal Subscription API to my website and there is this line of code in the html
<script src="https://www.paypal.com/sdk/js?client-id={{client_id}}&vault=true&intent=subscription">.
And that made me curious if it is really safe to put my Client Secret there, where everyone would able to see it through dev tools
The PayPal JS SDK must always be loaded with a
client-idvalue, as documented. That is the purpose of this value.A REST App's
secret, which is a different value, should never be used in any client-side code such as HTML or public JS.