We recommend that you do not send telemetry directly to New Relic's OTLP endpoint from a browser application because this could expose your license key.
Support for instrumenting browser, mobile, and other client-side applications to enable real user monitoring (RUM) with OpenTelemetry is currently limited and under active development. While you may use the OpenTelemetry API or OpenTelemetry JS to instrument an application running in the browser, it is never safe to include your New Relic license key or other sensitive data as they may be easily obtained.
You can layer the following practices to mitigate the risks associated with an exposed key:
- Run the OpenTelemetry Collector between your application and New Relic's OTLP endpoint to avoid exposing your key in a client's browser.
- Create a dedicated license key to ingest telemetry data from browser applications that can be easily revoked if it is used maliciously.
- Understand the many risks associated with an exposed key including the possibility of running into usage limits or billing problems.
- Use a separate, isolated account for browser telemetry data sent via OTLP to limit the potential negative effects of an exposed key.