diff --git a/packages/auth/src/objectStore/index.js b/packages/auth/src/objectStore/index.js
index c6d1c3e2ce..a157332ae5 100644
--- a/packages/auth/src/objectStore/index.js
+++ b/packages/auth/src/objectStore/index.js
@@ -34,11 +34,15 @@ function sanitizeKey(input) {
   return sanitize(sanitizeBucket(input)).replace(/\\/g, "/")
 }
 
+exports.sanitizeKey = sanitizeKey
+
 // simply handles the dev app to app conversion
 function sanitizeBucket(input) {
   return input.replace(new RegExp(APP_DEV_PREFIX, "g"), APP_PREFIX)
 }
 
+exports.sanitizeBucket = sanitizeBucket
+
 function publicPolicy(bucketName) {
   return {
     Version: "2012-10-17",
diff --git a/packages/server/src/utilities/index.js b/packages/server/src/utilities/index.js
index 1c85d9c7b4..320d4a3eb5 100644
--- a/packages/server/src/utilities/index.js
+++ b/packages/server/src/utilities/index.js
@@ -1,6 +1,7 @@
 const env = require("../environment")
 const { OBJ_STORE_DIRECTORY, ObjectStoreBuckets } = require("../constants")
 const { getAllApps } = require("@budibase/auth/db")
+const { sanitizeKey } = require("@budibase/auth/src/objectStore")
 
 const BB_CDN = "https://cdn.app.budi.live/assets"
 
@@ -43,7 +44,9 @@ exports.objectStoreUrl = () => {
  */
 exports.clientLibraryPath = appId => {
   if (env.isProd()) {
-    return `${exports.objectStoreUrl()}/${appId}/budibase-client.js`
+    return `${exports.objectStoreUrl()}/${sanitizeKey(
+      appId
+    )}/budibase-client.js`
   } else {
     return `/api/assets/client`
   }