API Keys & Credentials
Your project has several credentials. Here’s what each one does and where to find them.
Project ID
| |
|---|
| What | Public identifier for your project |
| Format | proj_xxxxxxxx |
| Where | Project Settings → General |
| Safe to expose | Yes |
Project Slug
| |
|---|
| What | URL-friendly project identifier |
| Format | your-app-name |
| Where | Project Settings → General |
| Safe to expose | Yes |
https://featkit.com/p/[slug]
You choose this when creating your project. It’s public and appears in the portal URL your users see.
Secret Key
| |
|---|
| What | Used to sign authentication tokens |
| Format | sk_live_xxxxxxxx |
| Where | Project Settings → Signed Links |
| Safe to expose | NO — backend only |
Never expose your Secret Key in client code. This key is used to sign Signed Links and must remain on your backend.
Rotating credentials
If your Secret Key is compromised:
- Go to Project Settings → Signed Links
- Click “Rotate Secret Key”
- Update your backend with the new key
- Old key stops working immediately
Rotating your Secret Key will invalidate all existing signed links. Users will need to open fresh links from your app.
