React Native Integration Error

Imported react-native-sentry@0.29.0, linked it react-native link, and completed the setup. However, we’re now receiving an error asking for a secret key. Don’t know where that goes, or what secret key they’re referring to.

Invalid DSN, the following properties aren't set '[secret key]'

Here is the full stacktrace:

10-26 16:56:19.786 9922-9944/com.modenero.xxxxxxxx E/AndroidRuntime: FATAL EXCEPTION: mqt_native_modules
     Process: com.modenero.xxxxxxxx, PID: 9922
     io.sentry.dsn.InvalidDsnException: Invalid DSN, the following properties aren't set '[secret key]'
         at io.sentry.dsn.Dsn.validate(Dsn.java:211)
         at io.sentry.dsn.Dsn.<init>(Dsn.java:65)
         at io.sentry.dsn.Dsn.<init>(Dsn.java:40)
         at io.sentry.SentryClientFactory.resolveDsn(SentryClientFactory.java:73)
         at io.sentry.SentryClientFactory.sentryClient(SentryClientFactory.java:42)
         at io.sentry.Sentry.init(Sentry.java:81)
         at io.sentry.RNSentryModule.startWithDsnString(RNSentryModule.java:99)
         at java.lang.reflect.Method.invoke(Native Method)
         at com.facebook.react.bridge.JavaMethodWrapper.invoke(JavaMethodWrapper.java:363)
         at com.facebook.react.bridge.JavaModuleWrapper.invoke(JavaModuleWrapper.java:162)
         at com.facebook.react.bridge.queue.NativeRunnable.run(Native Method)
         at android.os.Handler.handleCallback(Handler.java:751)
         at android.os.Handler.dispatchMessage(Handler.java:95)
         at com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(MessageQueueThreadHandler.java:31)
         at android.os.Looper.loop(Looper.java:154)
         at com.facebook.react.bridge.queue.MessageQueueThreadImpl$3.run(MessageQueueThreadImpl.java:194)
         at java.lang.Thread.run(Thread.java:761)

Hey, you need to use your DSN including the secret. You can find it in the project settings page where you copied the public DSN.

Why is the secret needed? Isn’t that a security risk?

The only difference between the public and non-public DSN is that the one without the secret was intended for websites and does some same origin checking to prevent abuse.

Since you’re running on a users device, there is no such thing as same origin checking so you have to use the “non-public” one.

If somebody gets your non-public DSN (the one with the secret) the worst they can do is post fake errors to you.