1. Split Help Center
  2. Administer
  3. Documentation

API keys

  • Updated

Overview

Split SDKs and Admin API both require API keys for Authentication.

In Split there are three types of keys:

  • Server-side type API keys are recommended for use with SDKs that live in your infrastructure (for example, your servers)
  • Client-side type API keys are for SDKs living in public environments (for example, browsers or mobile clients)
  • Admin type API Keys are used for access to Split's Admin API endpoints.
  Keep your Server-side and Admin keys private

Never expose Admin and Server-side keys in untrusted contexts. Do not put your Server-side or Admin API keys in client-side JavaScript or mobile SDKs. Split has special browser keys that you can use in client-side JavaScript, Android, and iOS.
If you accidentally expose your API key, revoke it in the APIs tab in Organization Settings.

Managing your API keys

To manage your API keys, go to the API keys tab in your Admin Settings page. On this page you will be able to:

  1. See a list of all your existing API keys.
  2. Add additional API keys by clicking Add API Key in the top right.
  3. Revoke existing API Keys

Adding Server-side and Client-side API keys

  1. Click Add API Key in the top right of the API keys page
  2. Type out a name for this API Key to let folks what it will be used for
  3. Select Server-side or Client-side as the Type depending if you will be using this key to get treatments for a back end service or your UI.
  4. Select one environment that the key will have access to fetch split and segment information from.

add_server_side_api_key.png

Adding Admin API keys

  1. Click Add API Key in the top right of the API keys page
  2. Type out a name for this API Key to let folks what it will be used for
  3. Select Admin as the Type for the key.
  4. Select All environments or Restrict to specific environments to control the scope that this API Key will have access too.
  5. If you selected Restrict to specific environments you will also the need to select one or more environments that the key will have access to in one workspace.

add_restricted_admin_api_key.png

Endpoint restrictions for Admin API keys scoped to a set of environments

If you scope an API Key to one or more environments, below are the Admin API endpoints that will be restricted:

  • Workspaces - all calls will return a 401
  • Environments - all calls will return a 401
  • Traffic Types - all calls will return a 401
  • Attributes - all calls will return a 401
  • Identities - all calls using an environment the key is not scoped for will return a 401
  • Segments - all calls using an environment the key is not scoped for will return a 401
  • Splits - all calls using an environment the key is not scoped for will return a 401
  • Change Request - all calls will return a 401
  • Tags - all calls will return a 401

Related articles

Comments

0 comments

Please sign in to leave a comment.