Skip to main content

Key Types

Publishable Key

Use for:
  • SDK initialization
  • Client-side API calls
  • Passport authentication

Secret Key

Use for:
  • Minting NFTs
  • Admin operations
  • Webhook verification
  • Any operation that modifies on-chain state
Never expose your Secret API Key in:
  • Client-side JavaScript/TypeScript
  • Mobile app code
  • Public Git repositories
  • Browser developer tools
Use environment variables on your server.

Key Rotation

Rotate keys in Hub: SettingsAPI KeysRotate Key
Old key invalidates immediately
Rotate immediately if exposed

Environment-Specific Keys

Each environment has its own keys:

Next Steps

Getting Started

Complete Hub setup guide

Backend Minting

Use your secret key for minting