Skip to main content

`API Key` ↔ string password to access Online API

bearer

should Encrypt API Key & not stored as Plaintext

`Public Key`

API Key to connect Frontend to Online API, safe to expose to public

`Secret Key`

API Key to connect Backend to Online API, access to sensitive internals/accounts - unsafe to expose

Scoped API Key

to restrict API Key to specific record scopes

ACLs

Access Control Lists

References

Public Key ↔ API Key to connect Frontend to Online API, safe to expose to public
Secret Key ↔ API Key to connect Backend to Online API, access to sensitive internals/accounts - unsafe to expose
Scoped API Key ↔ to restrict API Key to specific record scopes
Bootstrap Key ↔ API Key with root-level control for init setup only | ticking time 💣

Public Key
Secret Key
Scoped API Key
ACLs
References