Manage your Bearer's credentials

Bearer provides 3 types of keys. Each of them serves different purposes to ensure your API calls are secured. Find below the documentation about the differences between your Secret Key, Publishable Key and Encryption Key

Using your Bearer developer keys

Secret Key

Your Bearer Secret Key is used to authenticate your application with Bearer when setting up the Bearer Agent. The Secret key is intended to used from server side only.

Your Secret Key must not be shared with anyone and never be exposed.

Publishable Key (Frontend side) [DEPRECATED]

For some requests performed, you'll need to provide a Publishable Key that identifies your website to Bearer. For instance, you use that key with our Connect Button or our Setup Component.

In some very particular cases, you might want to perform frontend API calls. You'll use your Publishable Key for that. But takes extra security in doing so, as this key has someone with bad intentions could also perform API calls on your behalf.

By default, the Publishable Key has very limited access to your Bearer account. Which means that this key is safe to be dropped into your frontend code.

Refer to the JavaScript client to find out how to use your Publishable Key in different context.

Encryption Key (Webhook) [DEPRECATED]

At Bearer, we love webhooks and even more when webhooks are secure. For that reason, whenever you receive a webhook from Bearer, Bearer injects a specific header to the request containing the payload signature. This signature is generated using your Encryption Key and ensures the payload hasn't been compromised or changed.

Encryption Key must not be shared with anyone and never be exposed to the frontend

Refer to Webhooks section to learn how to use your Encryption Key to protect your application from receiving unexpected webhooks.

Production and Sandbox environments

By default, Bearer provides 2 environments (Production and Sandbox) and each of them get its own credentials (developer keys).

For that purpose, all your developer keys are prefixed with the right environment they are intended to be used with. Some examples below:





Secret Key




Secret Key




Publishable Key




Publishable Key