Bearer provides 3 types of keys. Each serves a different purpose in keeping your API calls secure. Find below the documentation about the differences between your Secret Key, Publishable Key and Encryption Key.
Most API calls are performed from a server (backend side). To secure those calls, Bearer's infrastructure requires you to provide a Secret Key so that we can authenticate and authorize all your requests. The Secret Key is intended to be used from the server side only.
Refer to the API Clients to find out how to make API calls with your Secret Key.
In some very particular cases, you might want to perform frontend API calls. You'll use your Publishable Key for that. But take extra care in doing so, as someone with bad intentions who has this key could also perform API calls on your behalf.
At Bearer, we love webhooks, and even more when webhooks are secure. For that reason, whenever you receive a webhook from Bearer, Bearer injects a specific header into the request containing the payload signature. This signature is generated using your Encryption Key and ensures the payload hasn't been compromised or changed.
Refer to the Webhooks section to learn how to use your Encryption Key to protect your application from receiving unexpected webhooks.
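The receiving side of the signature check described above, as an added example that is not Bearer's own code. It assumes the signature is a hex-encoded HMAC-SHA256 of the raw request body keyed with the Encryption Key, and the header name `X-Example-Signature` is hypothetical; the Webhooks section defines the actual scheme.

```python
import hashlib
import hmac

# Assumptions (not from the Bearer docs): header name, HMAC-SHA256, hex digest.
SIGNATURE_HEADER = "X-Example-Signature"  # hypothetical header name


def compute_signature(encryption_key: str, raw_body: bytes) -> str:
    """Return the hex HMAC-SHA256 of the exact bytes received on the wire."""
    key = encryption_key.encode("utf-8")
    return hmac.new(key, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(headers: dict, raw_body: bytes, encryption_key: str) -> bool:
    """Accept the webhook only if the signature header matches the payload."""
    # Header names are case-insensitive, so normalise before the lookup.
    normalised = {name.lower(): value for name, value in headers.items()}
    received = normalised.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # missing or empty signature: reject the request
    expected = compute_signature(encryption_key, raw_body)
    # Compare as bytes in constant time so a mismatch does not reveal
    # how many leading characters of the signature were correct.
    return hmac.compare_digest(
        expected.encode("ascii"),
        received.strip().lower().encode("utf-8"),
    )


# Constructed sample data, for illustration only.
SAMPLE_KEY = "constructed-encryption-key"
SAMPLE_BODY = b'{"event":"example","id":1}'
SAMPLE_HEADERS = {"x-example-signature": compute_signature(SAMPLE_KEY, SAMPLE_BODY)}

if __name__ == "__main__":
    print("untouched payload:", verify_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_KEY))
    tampered = SAMPLE_BODY.replace(b"1", b"2")
    print("tampered payload:", verify_webhook(SAMPLE_HEADERS, tampered, SAMPLE_KEY))
    print("missing header:", verify_webhook({}, SAMPLE_BODY, SAMPLE_KEY))
```

Verify against the raw body bytes before any JSON parsing, since re-serialising the payload can change whitespace or key order and break the match.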
By default, Bearer provides 2 environments (Production and Sandbox) and each of them gets its own credentials (developer keys).
For that purpose, all your developer keys are prefixed with the environment they are intended to be used with. Some examples below: