API Keys

API keys authenticate requests to ChimeKit and tell the system which project + environment you’re operating in. They’re the foundation for everything else: identifying audience members, sending messages, and running workflows.

What an API key is

In ChimeKit, an API key represents a trusted integration with your project. Keys are tied to a specific environment (for example, development or production) and are used to sign or authorize requests.

You’ll typically interact with keys in one of two contexts:

  • Server-side SDK/API: your backend uses a secret key to sign short-lived auth tokens for /sdk/v1 endpoints.
  • Member-facing widgets: your frontend uses a public key plus a member token to call the member API via @chimekit/react or @chimekit/vue.

How it fits into the system

  • Audience: the server SDK uses your key context to identify members in the correct environment.
  • Messages + Workflows: every send/run is attributed to the key that initiated it (useful for auditing and troubleshooting).
  • Environment separation: keys prevent accidental cross-environment writes (e.g. sending production messages from a dev build).

Getting started

  1. Create an API key in the Dashboard for the environment you want to target.
  2. Store it as a secret (for example, CHIMEKIT_SECRET_KEY) in your backend’s environment variables.
  3. Use the Server SDK (recommended) or call the /sdk/v1 endpoints directly.

Treat secret keys like passwords. Never ship them to the browser. If you need a browser integration, use the client components (@chimekit/react or @chimekit/vue) with a public key + member token.

Was this page helpful?