Beta

Securing Your App

API Keys

Learn on how to best manage your API keys

CakeAuth authenticates your API requests using your account’s API keys. If a request doesn’t include a valid key, CakeAuth returns an invalid request error.

Use the Developers Dashboard to create, reveal, delete, and roll API keys. To access your v1 API keys, select the API Keys tab in your Dashboard.

Public Key & Private Key

TypeWhen to UseIs it safe to share publicly?How to useSample value
Public KeyUse it when interacting with the Frontend APIYesUse it in client side, can be publicly accessible in your web or mobile apps, can be safely log.pub_test_xxxxx pub_live_xxxxx
Private KeyUse it when interacting with the Backend APINO!Use this in a safe environment, primarily a server-side applications where restricted access. Roll this key regularly.sec_test_xxxxx sec_live_xxxxx

Production Environment & Development Environment

All CakeAuth API requests occur in either Development Environment or the Production Environment (not available during beta).

Use the Development Environment, and Production Environment for the actual users data. Each environment has its own set of API keys. Objects in one environment aren’t accessible to the other.

  • Keys for Development Environment will start with:
    • pub_test_ for public key
    • sec_test_ for the private key
  • Keys for Production Environment will start with:
    • pub_live_ for public key
    • sec_live_ for the private key

Keep your private keys safe!

Anyone can use your private key to make any API call on behalf of your environment, such as deleting user data or resetting user's password.

Keep your keys safe by following the keys best practices.

Get the Public Key

Each environment, has a dedicated Public Key. This public key is unique, auto-generated, and static. Meanings that it will be generated automatically for you, and it cannot (and doesn't need to) be changed.

  • If you haven't, setup your account first
  • Go to your environment Config sections
  • In the left sidebar, choose API Keys.
  • Your public key should be in the Public Key section

Create a Private Key

  • Go to your environment Config sections
  • In the left sidebar, choose API Keys.
  • In the Private Key section, click New Key
  • Create a name for your new key and click Create Key
  • Copy and store your private key securely

Revoking/deleting a Private Key

  • Go to your environment Config sections
  • In the left sidebar, choose API Keys.
  • In the Private Key section, click the trash icon for the key you want to delete
  • Click Yes, Delete

Last updated on

Previous

Cheat Sheet

Next

Best Practices for Managing Private Key

On this page