Introduction to keys
The HyperTrack API uses HTTP basic auth to authenticate API calls with a token. Every API call must send the token in the Authorization key of the request header. If you are using the API helper libraries and/or the SDKs, they need to be configured with the token, as described in their setup instructions. After configuration, they handle the authentication headers internally.
The secret key is authorized for all API calls - to create, edit, list, retrieve and delete data. It looks like
The secret key is used on the server side, for backend-to-backend communication. The API helper libraries for backends use the secret key. As the name suggests, you should never share your secret key, which includes putting it into any public code source.
The publishable key is authorized for read-only API calls for specific data entities, and some write methods from the SDKs. With the publishable key, you can retrieve one or more entities with their unique id. It looks like
The publishable key is used by the SDKs in your mobile apps. You can hard-code the publishable key in the app.
There are two types of environments for your HyperTrack account:
- Production environment: Unlimited users, unlimited actions, actions billed monthly (see pricing)
- Test environment: 20 users/day, unlimited actions, actions free to use
For each of these two environments, we provide you with two different sets of keys with different nomenclature:
- Test Account Secret Key: sk_test_123456
- Test Account Publishable Key: pk_test_123456
- Production Account Secret Key: sk_123456
- Production Account Publishable Key: pk_123456
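The prefixes above are enough to tell a secret key from a publishable one before code ships. The following Python check is an added example, not HyperTrack's own code: it flags secret keys in text headed for a mobile app or public repository, and assumes the key body after the prefix is alphanumeric (the page shows only placeholder values).

```python
import re

# Assumption: the key body after the prefix is alphanumeric; the page only
# shows placeholder values such as sk_test_123456.
KEY_RE = re.compile(r"\b(sk|pk)_(test_)?([A-Za-z0-9]+)\b")


def classify(key):
    """Return (kind, environment) for a key string, or None if it is not a key."""
    m = KEY_RE.fullmatch(key)
    if not m:
        return None
    kind = "secret" if m.group(1) == "sk" else "publishable"
    env = "test" if m.group(2) else "production"
    return kind, env


def find_secret_keys(text):
    """Return (line_number, environment, redacted_key) for each secret key found.

    Publishable keys are skipped: they may be hard-coded in the app.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            kind, env = classify(m.group(0))
            if kind == "secret":
                # Keep only the prefix so the report does not leak the key again.
                prefix = m.group(0)[: m.start(3) - m.start(0)]
                findings.append((lineno, env, prefix + "****"))
    return findings


# Constructed sample of a mobile app config file (not real keys).
SAMPLE = '''\
// constructed sample of a mobile app config file
publishableKey = "pk_test_123456"
backendKey = "sk_123456"
debugKey = "sk_test_123456"
'''

if __name__ == "__main__":
    for lineno, env, redacted in find_secret_keys(SAMPLE):
        print(f"line {lineno}: {env} secret key {redacted} must not ship in client code")
```

A check like this fits a pre-commit hook or CI step; a hit on a production secret key should also trigger a key roll, since the key may already be in version history.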
Rolling keys
If at any point you think your keys have been compromised, send us a request for a new secret or publishable key for your account. We will roll your keys. Note that the previous keys will no longer be authorized, and any API calls with the old keys will fail with a 401/403 HTTP status code.