API keys – Split Help Center

Split SDKs and Admin API both require API keys for Authentication.

In Split, there are three types of keys:

Server-side type API keys are recommended to use with SDKs that live in your infrastructure (for example, your servers)
Client-side type API keys are for SDKs living in public environments (for example, browsers or mobile clients)
Admin type API Keys are used for access to Split's Admin API endpoints.

Keep your Server-side and Admin keys private

Never expose Admin and Server-side keys in untrusted contexts. Do not put your Server-side or Admin API keys in client-side JavaScript or mobile SDKs. Split has special browser keys that you can use in client-side JavaScript, Android, and iOS.

If you accidentally expose your API key, revoke it in the APIs tab in Organization settings.

Note: Be sure to copy your API Key once it's generated. For security purposes, you won’t see the key again.

Managing your API keys

To manage your API keys, go to the API keys tab in your Admin Settings page. On this page you can:

See a list of all your existing API keys
Add additional API keys by clicking Add API key in the top right
Revoke existing API keys
Clone existing API keys

Adding Server-side and Client-side API keys

To add one of these API keys, do the following:

From the left navigation, click the top, and then select Admin settings.
Click API keys. The API key page appears.

From the Admin API keys tab, click Actions and then Create SDK API key. The Create SDK API key view appears.

Enter a name for this API Key to let other users know what it’s used for.
Select Server-side or Client-side as the type, depending if you use this key to get treatments for a back end service or your user interface.
Select one environment that the key has access to fetch a feature flag and segment information from.
Click the Create API key button to create the key.

Adding Admin API keys

From the left navigation, click the top and then select Admin settings.
Click API keys. The API key page appears.
From the Admin API keys tab, click Actions and then Create Admin API. The Create Admin API key view appears.

Enter a name for this API key to let other users what it's used for.
Select All environments or Restrict to specific environments to control the restrictions that this API Key has access to.
- If you select Restrict to specific environments, select one or more environments that the key has access to in one workspace.
Click the Create API key button. A new API key and access token are now created.

Cloning API keys

The Clone API keys action creates a new API key with access levels the same as the key being cloned. To clone an API key, do the following:

From the left navigation, click the top and then select Admin settings.
Click API keys. The API key page appears.
From the Admin API keys tab, click Clone on the desired key. The Clone API key view appears.

Enter a new name for the cloned key.
The Key scope section shows the original key’s scope that is applied to this new key.
Click the Clone API key button to create the cloned key.

Endpoint restrictions for Admin API keys scoped to a set of environments

If you restrict an API Key to one or more environments, the following are the Admin API endpoints that are restricted:

Workspaces. All calls return a 401
Environments. All calls return a 401
Traffic Types. All calls return a 401
Attributes. All calls return a 401
Identities. All calls using an environment the key is not restricted for return a 401
Segments. All calls using an environment the key is not restricted for return a 401
Splits. All calls using an environment the key is not restricted for return a 401
Change Requests. All calls return a 401
Tags. All calls return a 401