I have been reading a lot of articles in regards to security and other parties reverse engineering your app and then flooding your APIs etc.

For my current (nativescript) app I am using Firebase for Auth and then have my own API URL hardcoded into the app.

I am considering using Firebase Remote Config to retrieve my API URL and then setting it in the app. In order to not have my API URL exposed.

I was wondering if someone has done this before? And if this approach is a good or bad idea?

Thanks. Robert