> ## Documentation Index
> Fetch the complete documentation index at: https://docs.featkit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys & Credentials

> Your project credentials explained

# API Keys & Credentials

Your project has several credentials. Here's what each one does and where to find them.

## Project ID

|                    |                                    |
| ------------------ | ---------------------------------- |
| **What**           | Public identifier for your project |
| **Format**         | `proj_xxxxxxxx`                    |
| **Where**          | Project Settings → General         |
| **Safe to expose** | Yes                                |

Used to identify your project in SDK and API calls. Can be safely included in client-side code.

## API Key

|                    |                                        |
| ------------------ | -------------------------------------- |
| **What**           | Client-side key for SDK authentication |
| **Format**         | `pk_xxxxxxxx`                          |
| **Where**          | Project Settings → API Keys            |
| **Safe to expose** | Yes (designed for client apps)         |

Used by the iOS SDK to authenticate requests. Safe to include in your app — it's designed for client-side use and has appropriate rate limits and permissions.

```swift theme={null}
// Used in SDK configuration
FeatKit.configure(projectId: "proj_xxx", apiKey: "pk_xxx")
```

## Project Slug

|                    |                                 |
| ------------------ | ------------------------------- |
| **What**           | URL-friendly project identifier |
| **Format**         | `your-app-name`                 |
| **Where**          | Project Settings → General      |
| **Safe to expose** | Yes                             |

Used in your portal URL: `https://featkit.com/p/[slug]`

You choose this when creating your project. It's public and appears in the portal URL your users see.

## Secret Key

|                    |                                    |
| ------------------ | ---------------------------------- |
| **What**           | Server-side key for signing tokens |
| **Format**         | `sk_live_xxxxxxxx`                 |
| **Where**          | Project Settings → Signed Links    |
| **Safe to expose** | **NO — backend only**              |

<Warning>
  **Never expose your Secret Key in client code.** This key is used to sign Signed Links for web integrations and must remain on your backend.
</Warning>

<Note>
  **Using the iOS SDK?** You don't need the Secret Key. The SDK uses the API Key for authentication. Secret Keys are only needed for [Signed Links](/signed-links) in web apps.
</Note>

## Which credentials do I need?

| Integration                | Credentials needed        |
| -------------------------- | ------------------------- |
| **iOS SDK**                | Project ID + API Key      |
| **Web app (Signed Links)** | Project Slug + Secret Key |
| **Backend API**            | Project ID + Secret Key   |

## Rotating credentials

### Rotating API Key

If your API Key is compromised:

1. Go to **Project Settings → API Keys**
2. Click **"Rotate API Key"**
3. Update your app with the new key
4. Old key stops working after grace period (24 hours)

### Rotating Secret Key

If your Secret Key is compromised:

1. Go to **Project Settings → Signed Links**
2. Click **"Rotate Secret Key"**
3. Update your backend with the new key
4. Old key stops working immediately

<Note>
  Rotating your Secret Key will invalidate all existing signed links. Users will need to open fresh links from your app.
</Note>
