API Key Types & Access Levels
Understanding Kodey API key types and their access permissions
Kodey supports three types of API keys: team-level keys (publishable and secret) and user-level keys.
Key Types
| Key Type | Prefix | Scope | Description | Where to Use |
|---|---|---|---|---|
| Publishable Key | pk_live_ | Team | Restricted access - chat endpoints only | Frontend/Client-side |
| Team Secret Key | sk_live_ | Team | Full API access for a single team | Backend/Server-side |
| User Secret Key | usk_live_ | User | Root access across all your teams | Backend/Server-side |
Key Format Examples
Publishable: pk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm
Team Secret: sk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm
User Secret: usk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm
Access Matrix
| Endpoint Category | pk_live_ | sk_live_ | usk_live_ |
|---|---|---|---|
| Chat Operations | Yes | Yes | Yes |
| Agent Operations | No | Yes | Yes |
| Workflow Operations | No | Yes | Yes |
| MCP Operations | No | Yes | Yes |
| File Operations | No | Yes | Yes |
| Webhook Operations | No | Yes | Yes |
| Team Management | No | No | Yes |
| Member Management | No | No | Yes |
| API Key Management | No | No | Yes |
| Billing Operations | No | No | Yes |
| Team Settings | No | No | Yes |
| Export/Import | No | No | Yes |
User Secret Key (usk_live_*)
User secret keys provide root access across all teams where you are an OWNER or ADMIN. This key type is ideal for:
- Multi-team automation: Manage multiple teams with a single key
- Team management: Create, update, and delete teams programmatically
- Member operations: Invite members, manage roles, transfer ownership
- Billing integration: Access invoices and billing operations
- Data migration: Export and import team configurations
Generating a User Secret Key
User API keys can be generated from your Account Settings in the Kodey dashboard.
Key Differences from Team Secret Key
| Capability | Team Secret (sk_live_) | User Secret (usk_live_) |
|---|---|---|
| Access scope | Single team | All teams (OWNER/ADMIN) |
| Chat, Agent, Workflow APIs | Yes | Yes |
| Create new teams | No | Yes |
| Delete teams | No | Yes |
| Invite/remove members | No | Yes |
| Edit member roles | No | Yes |
| Transfer ownership | No | Yes |
| View/regenerate API keys | No | Yes |
| Access billing & invoices | No | Yes |
| Export/import team data | No | Yes |
Security Best Practices
Publishable Keys (pk_live_*)
- Safe to expose in frontend code
- Use for client-side chat integrations
- Limited to chat-related endpoints only
Team Secret Keys (sk_live_*)
- Never expose in frontend code
- Store securely in environment variables
- Use only in server-side applications
- Provides full API access for a single team
User Secret Keys (usk_live_*)
- Highest privilege level - treat with extreme care
- Never expose in frontend code or public repositories
- Store in secure secret management systems (AWS Secrets Manager, Vault, etc.)
- Use for backend automation and admin operations only
- Consider using team secret keys when user-level access isn't required
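The guidance above can be enforced in CI. The following Python check is an added example, not Kodey's own tooling: it scans client-side text for `sk_live_` and `usk_live_` keys (redacting what it reports) and flags a key type that is more privileged than the endpoint categories in the Access Matrix require. The function names, the privilege ranks and the assumed key-body length are illustrative choices made here, not part of the Kodey API.

```python
import re

# Privilege rank and frontend safety per prefix, taken from the Key Types table.
KEY_TYPES = {
    "pk_live_": {"name": "publishable", "rank": 0, "frontend_safe": True},
    "sk_live_": {"name": "team secret", "rank": 1, "frontend_safe": False},
    "usk_live_": {"name": "user secret", "rank": 2, "frontend_safe": False},
}
# Lowest rank the Access Matrix allows for each endpoint category.
MIN_RANK = {"Chat Operations": 0}
MIN_RANK.update(dict.fromkeys(
    ["Agent Operations", "Workflow Operations", "MCP Operations",
     "File Operations", "Webhook Operations"], 1))
MIN_RANK.update(dict.fromkeys(
    ["Team Management", "Member Management", "API Key Management",
     "Billing Operations", "Team Settings", "Export/Import"], 2))

# Assumption: a key body is 16+ alphanumerics (the page's examples use 30).
# \b keeps "sk_live_" from matching inside "usk_live_".
KEY_RE = re.compile(r"\b(usk_live_|sk_live_|pk_live_)([A-Za-z0-9]{16,})")

def find_exposed_secrets(text):
    """Return (line_no, key_type, redacted_key) for secret keys in client-side text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            prefix, body = m.groups()
            info = KEY_TYPES[prefix]
            if not info["frontend_safe"]:
                # Redact so the scanner's own output does not leak the key.
                findings.append((line_no, info["name"], prefix + body[:4] + "..."))
    return findings

def is_overprivileged(prefix, categories):
    """True if a lower-privilege key type covers every category the job needs."""
    needed = max(MIN_RANK[c] for c in categories)
    return KEY_TYPES[prefix]["rank"] > needed

# Constructed sample: frontend source reusing the page's example key strings.
SAMPLE_BUNDLE = """\
const chatKey = "pk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm";
const adminKey = "usk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm";
const teamKey = "sk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm";
"""

if __name__ == "__main__":
    for finding in find_exposed_secrets(SAMPLE_BUNDLE):
        print(finding)
```

A non-empty result from `find_exposed_secrets` on a frontend build should fail the pipeline, and any key it finds should be regenerated rather than just removed from the source.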