Bearer provides 3 types of keys. Each of them serves a different purpose to ensure your API calls are secured. The documentation below explains the differences between your Secret Key, Publishable Key and Encryption Key.
Your Bearer Secret Key is used to authenticate your application with Bearer when setting up the Bearer Agent. The Secret Key is intended to be used from the server side only.
In some very particular cases, you might want to perform frontend API calls. You'll use your Publishable Key for that. Take extra care when doing so, as someone with bad intentions who obtains this key could also perform API calls on your behalf.
At Bearer, we love webhooks and even more when webhooks are secure. For that reason, whenever you receive a webhook from Bearer, Bearer injects a specific header to the request containing the payload signature. This signature is generated using your Encryption Key and ensures the payload hasn't been compromised or changed.
Refer to the Webhooks section to learn how to use your Encryption Key to protect your application from receiving unexpected webhooks.
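The signature check described above, as an added example that is not Bearer's own code. It assumes the signature is a hex-encoded HMAC-SHA256 of the raw request body keyed with the Encryption Key; the header name `x-example-signature` is a placeholder, since this page states neither the header nor the algorithm.

```javascript
// Added example (not Bearer's code). Assumptions: HMAC-SHA256 over the raw
// body, hex-encoded, delivered in a placeholder header name.
const crypto = require("crypto");

const SIGNATURE_HEADER = "x-example-signature"; // hypothetical header name

// Compute the expected signature over the exact bytes that were received.
function computeSignature(rawBody, encryptionKey) {
  return crypto.createHmac("sha256", encryptionKey).update(rawBody).digest("hex");
}

// Returns true only when the header is present, well-formed, and matches.
// rawBody must be the unparsed request body: re-serialising parsed JSON
// can change the bytes and break the comparison.
function verifyWebhook(headers, rawBody, encryptionKey) {
  const received = headers[SIGNATURE_HEADER];
  if (typeof received !== "string" || !/^[0-9a-f]{64}$/i.test(received)) {
    return false; // missing or malformed signature: reject before comparing
  }
  const expected = Buffer.from(computeSignature(rawBody, encryptionKey), "hex");
  const given = Buffer.from(received, "hex");
  // timingSafeEqual throws on length mismatch, so check length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample data, not real keys or payloads.
const SAMPLE_KEY = "constructed-encryption-key";
const SAMPLE_BODY = Buffer.from('{"event":"constructed.sample","id":1}');

function demo() {
  const signed = { [SIGNATURE_HEADER]: computeSignature(SAMPLE_BODY, SAMPLE_KEY) };
  const tampered = Buffer.from('{"event":"constructed.sample","id":2}');
  return {
    valid: verifyWebhook(signed, SAMPLE_BODY, SAMPLE_KEY),
    tamperedBody: verifyWebhook(signed, tampered, SAMPLE_KEY),
    missingHeader: verifyWebhook({}, SAMPLE_BODY, SAMPLE_KEY),
    wrongKey: verifyWebhook(signed, SAMPLE_BODY, "some-other-key"),
  };
}

console.log(demo());
```

Reject the request (for example with a 4xx response) whenever `verifyWebhook` returns false, and keep the Encryption Key on the server only.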
By default, Bearer provides 2 environments (Production and Sandbox), and each of them gets its own credentials (developer keys).
For that purpose, all your developer keys are prefixed with the environment they are intended to be used with. Some examples below: