Skip to main content

API Keys & Credentials

Your project has several credentials. Here’s what each one does and where to find them.

Project ID

Used to identify your project in SDK and API calls. Can be safely included in client-side code.

API Key

Used by the iOS SDK to authenticate requests. Safe to include in your app — it’s designed for client-side use and has appropriate rate limits and permissions.

Project Slug

Used in your portal URL: https://featkit.com/p/[slug] You choose this when creating your project. It’s public and appears in the portal URL your users see.

Secret Key

Never expose your Secret Key in client code. This key is used to sign Signed Links for web integrations and must remain on your backend.
Using the iOS SDK? You don’t need the Secret Key. The SDK uses the API Key for authentication. Secret Keys are only needed for Signed Links in web apps.

Which credentials do I need?

Rotating credentials

Rotating API Key

If your API Key is compromised:
  1. Go to Project Settings → API Keys
  2. Click “Rotate API Key”
  3. Update your app with the new key
  4. Old key stops working after grace period (24 hours)

Rotating Secret Key

If your Secret Key is compromised:
  1. Go to Project Settings → Signed Links
  2. Click “Rotate Secret Key”
  3. Update your backend with the new key
  4. Old key stops working immediately
Rotating your Secret Key will invalidate all existing signed links. Users will need to open fresh links from your app.