Authentication — Flatfile

Learn how to use API keys to authenticate API requests.

Flatfile provides two different kinds of environment-specific API keys you can use to interact with the API. In addition, you can work with a development key or a production environment.

Read on to learn more about how to think about which keys to use and how to test in development mode.

Testing and development

Environments are isolated entities and are intended to be a safe place to create and test different configurations. A development and production environment are created by default.

isProd	Name	Description
false	`development`	Use this default environment, and its associated test API keys, as you build with Flatfile.
true	`production`	When you’re ready to launch, create a new environment and swap out your keys.

The development environment does not count towards your paid credits.

Secret and publishable keys

All Accounts have two key types for each environment. Learn when to use each type of key:

Type	Id	Description
Secret key	`sk_23ghsyuyshs7dcrty`	On the server-side: Store this securely in your server-side code. Don’t expose this key in an application.
Publishable key	`pk_23ghsyuyshs7dcert`	On the client-side: Can be publicly-accessible in your application’s client-side code. Use when embedding Flatfile.

The accessToken provided from publishableKey will remain valid for a duration of 24 hours.