What are the differences between public and secret API keys?
Bytescale provides two types of API keys: public and secret, each designed for different purposes.
Public API Keys:
- Intended for use in client-side environments, such as in browsers or mobile apps.
- Restricted to basic operations like file uploads and downloads.
- Cannot perform delete, overwrite, or other destructive/administrative operations unless combined with a JSON Web Token (JWT) issued by your API that grants additional permissions.
Secret API Keys:
- Designed for server-side use where they can be securely stored.
- Have full access to perform all API operations available on Bytescale, including file management and sensitive administrative actions.
Always ensure you're using the right type of API key in the appropriate environment to keep your applications secure and functioning correctly.
You can distribute public API keys in your frontend code, but you must only use secret API keys in your backend code.