Settings

Manage your Bearer credentials

Bearer provides 3 types of keys. Each serves a different purpose in securing your API calls. The documentation below explains the differences between your Secret Key, Publishable Key and Encryption Key.

Using your Bearer developer keys

Secret Key (backend side)

Most API calls are performed from a server (backend side). To secure those calls, Bearer's infrastructure requires you to provide a Secret Key so that we can authenticate and authorize all your requests. The Secret Key is intended to be used server side only.

Your Secret Key must not be shared with anyone and must never be exposed.

Refer to the API Clients to find out how to make API calls with your Secret Key.

Publishable Key (frontend side)

For some requests, you'll need to provide a Publishable Key that identifies your website to Bearer. For instance, you use that key with our Connect Button or our Setup Component.

In some very particular cases, you might want to perform frontend API calls. You'll use your Publishable Key for that. Take extra care when doing so, as someone with bad intentions who has this key could also perform API calls on your behalf.

By default, the Publishable Key has very limited access to your Bearer account, which means that this key is safe to be dropped into your frontend code.

Refer to the JavaScript client to find out how to use your Publishable Key in different contexts.

Encryption Key (Webhook)

At Bearer, we love webhooks, and even more so when they are secure. For that reason, whenever you receive a webhook from Bearer, the request includes a specific header containing the payload signature. This signature is generated using your Encryption Key and lets you verify that the payload hasn't been compromised or changed.

Your Encryption Key must not be shared with anyone and must never be exposed to the frontend.

Refer to the Webhooks section to learn how to use your Encryption Key to protect your application from receiving unexpected webhooks.

Production and Sandbox environments

By default, Bearer provides 2 environments (Production and Sandbox), and each of them gets its own credentials (developer keys).

For that purpose, all your developer keys are prefixed with the environment they are intended to be used with. Some examples below:

| Key | Environment | Prefix | Example |
| --- | --- | --- | --- |
| Secret Key | Production | sk_production | sk_production_1b2e3a4r5 |
| Secret Key | Sandbox | sk_sandbox | sk_sandbox_PiLKmela1 |
| Publishable Key | Production | pk_production | pk_production_kLlm2dl1z |
| Publishable Key | Sandbox | pk_sandbox | pk_sandbox_9zuhkLm |
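The prefixes make two mistakes easy to catch automatically: a Secret Key shipped to the browser, and a key used in the wrong environment. The following is an added example, not code from Bearer. The function names are hypothetical and the suffix alphabet (`[A-Za-z0-9]+`) is an assumption inferred from the sample keys in the table.

```javascript
// Added example: prefixes are taken from the table above; the suffix
// alphabet ([A-Za-z0-9]+) is an assumption based on the sample keys.
const KEY_PATTERN = /\b(sk|pk)_(production|sandbox)_([A-Za-z0-9]+)\b/g;

// Parse one key into its type and environment, or return null when it does
// not follow the documented prefix scheme.
function classifyKey(key) {
  const m = /^(sk|pk)_(production|sandbox)_[A-Za-z0-9]+$/.exec(key);
  if (!m) return null;
  return { type: m[1] === "sk" ? "secret" : "publishable", environment: m[2] };
}

// Startup guard: list the problems with using `key` on the given side
// ("backend" or "frontend") in the given environment. Empty list means OK.
function checkKeyUsage(key, side, environment) {
  const info = classifyKey(key);
  if (!info) return ["key does not match a known prefix"];
  const problems = [];
  if (side === "frontend" && info.type === "secret") {
    problems.push("secret key used on the frontend");
  }
  if (info.environment !== environment) {
    problems.push(`${info.environment} key used in ${environment}`);
  }
  return problems;
}

// CI guard: find Secret Keys in text that will be served to browsers.
// Hits are redacted so the scan report does not leak the key again.
function findSecretKeys(bundleText) {
  const hits = [];
  for (const m of bundleText.matchAll(KEY_PATTERN)) {
    if (m[1] !== "sk") continue; // publishable keys are allowed in frontend code
    hits.push({ index: m.index, key: `sk_${m[2]}_${"*".repeat(m[3].length)}` });
  }
  return hits;
}

// Constructed sample bundle, using the example keys from the table.
const sampleBundle = `
  window.APP_CONFIG = { bearerKey: "pk_production_kLlm2dl1z" };
  const debug = { key: "sk_sandbox_PiLKmela1" }; // must never ship
`;
console.log(findSecretKeys(sampleBundle));
console.log(checkKeyUsage("sk_sandbox_PiLKmela1", "backend", "production"));
```

Run `findSecretKeys` over built frontend assets in CI and fail the build on any hit; call `checkKeyUsage` once at process start with the configured key.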