...
In the Android project, create the xml directory (/app/src/main/res/xml) if it does not exist. Then, copy the mobileprotect.xml config file into the xml resources folder.
That The XML file contains an AUTH_TOKEN key, that ; however, the key is NOT SENSTIVE. The key is only used to identify the data sent by Mobile Protect and can’t to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys
Step 5: Start Mobile Protect
...