Projects & API Keys
Last updated
Last updated
Once you create a Picket account, you can view your . To start developing with Picket, you'll need to create a project. You can think of a project as an application that you are going to use with Picket. Every account is created with an initial project, named My First Project
, to help you get started!
Each project comes with a set of API keys that you must use to authorize your requests when interacting with the Picket API. Request without an API key will result in an error.
There are two types of API keys
Publishable keys: These keys are used client-side and are meant for client-side libraries, like .
Secret keys: As the name suggests, these must be kept secret. They are meant for server-side libraries, like
Authorization to the API is performed via . Provide your API key as the basic auth username. You do not need to provide a password. API Authorization is handled for you in any of Picket's SDKs.
Each project also has an associated list of whitelisted redirect URIs. Redirect URIs are part of the OAuth 2.0 standard and are validated as part of the client-side .
Redirect URIs ensure that only your project (aka "client" or "application") can use the project's publishable key to authorize users. If you are testing out Picket locally at http://localhost:3000/,
you can add http://localhost:3000/
as a redirect URI to your project.
Only use trusted domains for production projects! Do not allow http://localhost:3000
for a production application.