In this guide, we will setup your API keys on HyperTrack. To use the SDKs and REST API, you will need the keys to authenticate yourself.
Introduction to keys
The HyperTrack API follows HTTP basic auth to authenticate API calls with a token. Every API call needs to have the Authorization key sent in the request header with the token. If you are using the API helper libraries and/or the SDKs, they need to be configured with the token, as described in their setup instructions. After configuration, they handle the authentication headers internally.
Authorization: token sk_1234567890abcde
The secret key is authorised for all API calls - to create, edit, list, retrieve and delete data. It looks like
The secret key is to be used on the server-side, for backend-to-backend communication. The API helper libraries for backend use the secret key. As the name suggests, you should never share your secret key.
The publishable key is authorised for read-only API calls for specific data entities, and some write methods from the SDKs. With the publishable key, you can retrieve one or more entities with their unique id. It looks like
The publishable key is used by the SDKs in your mobile apps. You can hard-code the publishable key in the app.
There are two types of environments for your HyperTrack account: Production and Test. For each of these two environments, we provide you with two different keys: secret and publishable key.
This is how the four keys look like:
- Test Account Secret Key: sk_test_123456
- Test Account Publishable Key: pk_test_123456
- Production Account Secret Key: sk_123456
- Production Account Publishable Key: pk_123456
Get your keys
- Sign up with your email and password.
- Verify your account by clicking on the link sent to your email.
- Login into the dashboard, and get your secret and publishable keys by visiting [Settings → Account](https://dashboard.hypertrack.com/settings).
[info] Rolling keys
If you think your keys have been compromised, at any point you can request for a new secret or publishable key for your account, by rolling your keys. Note that the previous key will no longer be authorised, and any API calls with the old keys will fail with 401/403 HTTP status code.