Why Master Key and not Client Key?

[sd-timaru]

Hi!
I want to use this lib in my application, but I have noticed that I need to supply the master key, which I consider to be a security issue.
In Parse documentation I found this:

_" The master key, on the other hand, is definitely a security mechanism. Using the master key allows you to bypass all of your app’s security mechanisms, such as class-level permissions and ACLs. Having the master key is like having root access to your app’s servers, and you should guard your master key with the same zeal with which you would guard your production machines’ root password.

The overall philosophy is to limit the power of your clients (using client keys), and to perform any sensitive actions requiring the master key in Cloud Code."_

And here i found this:

_"However, it requires a few precautions:

Never include your master key in any binary or source code you ship to customers;
Only use master key in the server side code;
Never give your master key to untrusted people."_

I tried to use the client key instead of the master, but I received "unauthorized access".
Can this library be modified to work with the client key rather than the master key?
Thank you!

[pcg92]

Hello,
You can use your client key, look at this:
#56

    Parse().initialize("appId",
        "serverUrl",
        clientKey: "clientKey",
        debug: true);

[phillwiggins]

Masterkey isn't really a security risk, depending on your server setup. As mentioned by @pcegarra you can actually just use your clientKey, instead of MasterKey anyway.