Skip to main content

Key Types

Key TypeUse CaseSecurityExample Usage
Publishable KeyClient-side SDK initializationSafe to exposeBrowser apps, game clients
Secret KeyServer-side operationsKeep privateBackend minting, admin operations

Publishable Key

import { Environment } from '@imtbl/config';

const baseConfig = {
  environment: Environment.SANDBOX,
  publishableKey: 'pk_imapik-your-publishable-key',
};
Use for:
  • SDK initialization
  • Client-side API calls
  • Passport authentication

Secret Key

// Server-side only
const headers = {
  'x-immutable-api-key': process.env.IMX_SECRET_KEY,
};

const response = await fetch('https://api.immutable.com/v1/mint', {
  method: 'POST',
  headers,
  body: JSON.stringify(mintRequest),
});
Use for:
  • Minting NFTs
  • Admin operations
  • Webhook verification
  • Any operation that modifies on-chain state
Never expose your Secret API Key in:
  • Client-side JavaScript/TypeScript
  • Mobile app code
  • Public Git repositories
  • Browser developer tools
Use environment variables on your server.

Key Rotation

Rotate keys in Hub: SettingsAPI KeysRotate Key
Old key invalidates immediately
Rotate immediately if exposed

Environment-Specific Keys

Each environment has its own keys:
EnvironmentPublishable Key PrefixChain
Sandboxpk_imapik-sandbox-...Immutable zkEVM Testnet
Productionpk_imapik-...Immutable zkEVM Mainnet

Next Steps

Getting Started

Complete Hub setup guide

Backend Minting

Use your secret key for minting