API Key Types & Access Levels
Understanding Kodey API key types and their access permissions
There are two types of team API keys.
Key Types
| Key Type | Prefix | Description | Where to Use |
|---|---|---|---|
| Publishable Key | pk_live_ | Restricted access - chat endpoints only | Frontend/Client-side |
| Secret Key | sk_live_ | Full API access for a single team | Backend/Server-side |
Access Matrix
| Endpoint Category | pk_live_ (Publishable) | sk_live_ (Secret) |
|---|---|---|
| Chat Operations | Yes | Yes |
| Agent Operations | No | Yes |
| Workflow Operations | No | Yes |
| MCP Operations | No | Yes |
| File Operations | No | Yes |
| Webhook Operations | No | Yes |
Key Format Examples
Publishable: pk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm
Secret: sk_live_7Xk9mNpQ2rStUvWxYz3aBcDeFgHjKm
Security Best Practices
Publishable Keys (pk_live_*)
- Safe to expose in frontend code
- Use for client-side chat integrations
- Limited to chat-related endpoints only
Secret Keys (sk_live_*)
- Never expose in frontend code
- Store securely in environment variables
- Use only in server-side applications
- Provides full API access