API Keys & Credentials
Your project has several credentials. Here’s what each one does and where to find it.
Project ID
| | |
|---|---|
| What | Public identifier for your project |
| Format | proj_xxxxxxxx |
| Where | Project Settings → General |
| Safe to expose | Yes |
Used to identify your project in SDK and API calls. Can be safely included in client-side code.
API Key
| | |
|---|---|
| What | Client-side key for SDK authentication |
| Format | pk_xxxxxxxx |
| Where | Project Settings → API Keys |
| Safe to expose | Yes (designed for client apps) |
Used by the iOS SDK to authenticate requests. Safe to include in your app — it’s designed for client-side use and has appropriate rate limits and permissions.
```swift
// Used in SDK configuration
FeatKit.configure(projectId: "proj_xxx", apiKey: "pk_xxx")
```
Project Slug
| | |
|---|---|
| What | URL-friendly project identifier |
| Format | your-app-name |
| Where | Project Settings → General |
| Safe to expose | Yes |
Used in your portal URL: https://featkit.com/p/[slug]
You choose this when creating your project. It’s public and appears in the portal URL your users see.
Secret Key
| |
|---|
| What | Server-side key for signing tokens |
| Format | sk_live_xxxxxxxx |
| Where | Project Settings → Signed Links |
| Safe to expose | NO — backend only |
Never expose your Secret Key in client code. This key is used to sign Signed Links for web integrations and must remain on your backend.
Using the iOS SDK? You don’t need the Secret Key. The SDK uses the API Key for authentication. Secret Keys are only needed for Signed Links in web apps.
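One way to enforce the "backend only" rule is a CI check over client-side sources, shown here as an added example that is not part of FeatKit's own tooling. The prefixes come from the formats listed on this page; the character set and minimum length after each prefix, the file paths, and the sample values are assumptions constructed for illustration.

```python
import re

# Prefixes are the formats documented on this page. The allowed characters
# and the 8-character minimum after each prefix are assumptions.
PATTERNS = {
    "secret_key": re.compile(r"\bsk_live_[A-Za-z0-9]{8,}"),
    "api_key": re.compile(r"\bpk_[A-Za-z0-9]{8,}"),
    "project_id": re.compile(r"\bproj_[A-Za-z0-9]{8,}"),
}
# Only the Secret Key is marked "backend only"; the others are safe to expose.
BACKEND_ONLY = {"secret_key"}

# Constructed sample input: client-side files keyed by hypothetical paths.
SAMPLE_CLIENT_FILES = {
    "App/AppDelegate.swift":
        'FeatKit.configure(projectId: "proj_a1b2c3d4", apiKey: "pk_9Zy8Xw7V")\n',
    "web/src/portal.js":
        '// TODO: move signing to backend\nconst key = "sk_live_EXAMPLEKEY01";\n',
}


def redact(value, keep=4):
    """Keep the prefix and last few characters so findings are safe to log."""
    prefix = value[: value.rfind("_") + 1]
    return f"{prefix}...{value[-keep:]}"


def find_credentials(files):
    """List every credential-shaped string in `files` (path -> text)."""
    findings = []
    for path in sorted(files):
        for line_no, line in enumerate(files[path].splitlines(), start=1):
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(line):
                    findings.append({
                        "path": path, "line": line_no, "kind": kind,
                        "value": redact(match.group()),
                        "violation": kind in BACKEND_ONLY,
                    })
    return findings


def violations(files):
    """Only the findings that must never ship in client code."""
    return [f for f in find_credentials(files) if f["violation"]]


if __name__ == "__main__":
    for f in find_credentials(SAMPLE_CLIENT_FILES):
        status = "VIOLATION" if f["violation"] else "ok"
        print(f'{status:9} {f["path"]}:{f["line"]} {f["kind"]} {f["value"]}')
    raise SystemExit(1 if violations(SAMPLE_CLIENT_FILES) else 0)
```

A non-zero exit fails the build when a Secret Key reaches client code; a key found this way should be treated as compromised and rotated.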
Which credentials do I need?
| Integration | Credentials needed |
|---|---|
| iOS SDK | Project ID + API Key |
| Web app (Signed Links) | Project Slug + Secret Key |
| Backend API | Project ID + Secret Key |
Rotating credentials
Rotating API Key
If your API Key is compromised:
- Go to Project Settings → API Keys
- Click “Rotate API Key”
- Update your app with the new key
- Old key stops working after grace period (24 hours)
Rotating Secret Key
If your Secret Key is compromised:
- Go to Project Settings → Signed Links
- Click “Rotate Secret Key”
- Update your backend with the new key
- Old key stops working immediately
Rotating your Secret Key will invalidate all existing signed links. Users will need to open fresh links from your app.