Overview
Split SDKs and Admin API both require API keys for Authentication.
In Split there are three types of keys:
- Server-side type API keys are recommended for use with SDKs that live in your infrastructure (for example, your servers)
- Client-side type API keys are for SDKs living in public environments (for example, browsers or mobile clients)
- Admin type API Keys are used for access to Split's Admin API endpoints.
Keep your Server-side and Admin keys private
Never expose Admin and Server-side keys in untrusted contexts. Do not put your Server-side or Admin API keys in client-side JavaScript or mobile SDKs. Split has special browser keys that you can use in client-side JavaScript, Android, and iOS.
If you accidentally expose your API key, revoke it in the APIs tab in Organization Settings.
Managing your API keys
To manage your API keys, go to the API keys tab in your Admin Settings page. On this page you will be able to:
- See a list of all your existing API keys.
- Add additional API keys by clicking Add API Key in the top right.
- Revoke existing API Keys
Adding Server-side and Client-side API keys
- Click Add API Key in the top right of the API keys page
- Type out a name for this API Key to let folks what it will be used for
- Select Server-side or Client-side as the Type depending if you will be using this key to get treatments for a back end service or your UI.
- Select one environment that the key will have access to fetch split and segment information from.
Adding Admin API keys
- Click Add API Key in the top right of the API keys page
- Type out a name for this API Key to let folks what it will be used for
- Select Admin as the Type for the key.
- Select All environments or Restrict to specific environments to control the scope that this API Key will have access too.
- If you selected Restrict to specific environments you will also the need to select one or more environments that the key will have access to in one workspace.
Endpoint restrictions for Admin API keys scoped to a set of environments
If you scope an API Key to one or more environments, below are the Admin API endpoints that will be restricted:
- Workspaces - all calls will return a 401
- Environments - all calls will return a 401
- Traffic Types - all calls will return a 401
- Attributes - all calls will return a 401
- Identities - all calls using an environment the key is not scoped for will return a 401
- Segments - all calls using an environment the key is not scoped for will return a 401
- Splits - all calls using an environment the key is not scoped for will return a 401
- Change Request - all calls will return a 401
- Tags - all calls will return a 401
Comments
0 comments
Please sign in to leave a comment.