API keys
Livemode and testing#
Every account is divided into two universes: one for testnet, and one for mainnet. All requests exist in one of those two universes, and objects in one universe cannot be manipulated by objects in the other. In test mode, transactions can only go to testnet networks.
API keys#
You'll need to authenticate your requests to access any of the endpoints in the Openfort API. In this guide, we'll look at how to get an API key.
Secret and publishable keys#
All accounts have a total of four API keys by default—two for test mode and two for live mode:
- Test mode secret key: Use this key to authenticate requests on your server when in test mode. By default, you can use this key to perform any API request without restriction.
- Test mode publishable key: Use this key for testing purposes in your web or mobile app’s client-side code.
- Live mode secret key: Use this key to authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
- Live mode publishable key: Use this key, when you’re ready to launch your app, in your web or mobile app’s client-side code.
| Type | Value | When to use |
|---|---|---|
| Secret | On the server-side: Must be secret and stored securely in your web or mobile app’s server-side code (such as in an environment variable or credential management system) to call Openfort APIs. Don’t expose this key on a website or embed it in a mobile application. | |
| Publishable | On the client-side: Can be publicly-accessible in
your web or mobile app’s client-side code (such as |
Reveal an API secret key for test mode#
Openfort APIs use your secret key to authenticate requests from your server. To find your API secret key for test mode:
- Open the API keys page.
- Under
API keys, in theSecret keyrow, clickReveal test keyand save the value.