Projects & API Keys
Once you create a Picket account, you can view your account dashboard. To start developing with Picket, you'll need to create a project. You can think of a project as an application that you are going to use with Picket. Every account is created with an initial project, named
My First Project, to help you get started!
Each project comes with a set of API keys that you must use to authorize your requests when interacting with the Picket API. Request without an API key will result in an error.
There are two types of API keys
- Publishable keys: These keys are used client-side and are meant for client-side libraries, like picket-js.
- Secret keys: As the name suggests, these must be kept secret. They are meant for server-side libraries, like picket-node
Authorization to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username. You do not need to provide a password. API Authorization is handled for you in any of Picket's SDKs.
import Picket from "@picketapi/picket-js"
const picket = new Picket('YOUR_PUBLISHABLE_KEY_HERE')
Each project also has an associated list of whitelisted redirect URIs. Redirect URIs are part of the OAuth 2.0 standard and are validated as part of the client-side auth flow.
Redirect URIs ensure that only your project (aka "client" or "application") can use the project's publishable key to authorize users. If you are testing out Picket locally at
http://localhost:3000/,you can add
http://localhost:3000/as a redirect URI to your project.
Notice the training slash in
http://localhost:3000/.Trailing slashes matter in redirect URIs. If you want to ignore trailing slashes, add both
http://localhost:3000to the project redirect URIs.
Only use trusted domains for production projects! Do not allow
http://localhost:3000for a production application.