API Keys & Credentials
Your project has several credentials. Here’s what each one does and where to find them.Project ID
Used to identify your project in SDK and API calls. Can be safely included in client-side code.
API Key
Used by the iOS SDK to authenticate requests. Safe to include in your app — it’s designed for client-side use and has appropriate rate limits and permissions.
Project Slug
Used in your portal URL:
https://featkit.com/p/[slug]
You choose this when creating your project. It’s public and appears in the portal URL your users see.
Secret Key
Using the iOS SDK? You don’t need the Secret Key. The SDK uses the API Key for authentication. Secret Keys are only needed for Signed Links in web apps.
Which credentials do I need?
Rotating credentials
Rotating API Key
If your API Key is compromised:- Go to Project Settings → API Keys
- Click “Rotate API Key”
- Update your app with the new key
- Old key stops working after grace period (24 hours)
Rotating Secret Key
If your Secret Key is compromised:- Go to Project Settings → Signed Links
- Click “Rotate Secret Key”
- Update your backend with the new key
- Old key stops working immediately
Rotating your Secret Key will invalidate all existing signed links. Users will need to open fresh links from your app.