Authentication
All API requests must be authenticated with an API key passed in the X-API-Key header.
API keys
Create API keys from the dashboard under Settings > API Keys.
There are two types of keys:
| Key prefix | Type | Use case |
|---|---|---|
sk_ | Secret key | Server-side only. Full read/write access to all resources. |
pk_ | Publishable key | Safe for client-side. Limited to viewer-facing operations like registration. |
Making requests
Include your API key in the X-API-Key header:
curl -X POST https://api.keepem.io/v1/events/evt_abc123/register \
-H "X-API-Key: pk_live_your_publishable_key" \
-H "Content-Type: application/json" \
-d '{
"email": "viewer@example.com",
"name": "Jane Doe"
}'Never expose secret keys (sk_) in client-side code, public repositories, or browser requests. Use publishable keys (pk_) for any client-facing integration.
When to use which key
| Scenario | Key type |
|---|---|
| Server-side integration (backend, scripts, CI) | sk_ Secret key |
| Embed widget on your website | pk_ Publishable key |
| Registering viewers from a form | pk_ Publishable key |
| Managing events, media, or analytics | sk_ Secret key |
Managing API keys
You can create, list, revoke, and delete API keys from the dashboard.
- Keys can be scoped to specific projects
- Revoked keys immediately stop working and cannot be re-enabled
- Rotate keys regularly and revoke any that may have been compromised