Authentication

Secure your API requests with API keys.

API Keys

Generate API keys in your dashboard under Settings → API Keys.

Key Types

Type	Use Case
Server	Backend services (full access)
Client	Frontend apps (read-only)

Using API Keys

Include your key in the Authorization header:

bash

curl -X GET https://api.experimentplus.io/v1/flags \
  -H "Authorization: Bearer sk_live_abc123..."

Key Prefixes

Prefix	Environment
`sk_live_`	Production server key
`sk_test_`	Test server key
`pk_live_`	Production client key
`pk_test_`	Test client key

Security Best Practices

WARNING

Never expose server keys in client-side code!

Use environment variables
Rotate keys regularly
Use test keys during development
Monitor key usage in dashboard

SDK Authentication

typescript

// Server-side (Node.js)
const client = new ExperimentPlus({
  apiKey: process.env.EXPERIMENT_PLUS_SERVER_KEY
})

// Client-side (Browser)
const client = new ExperimentPlus({
  apiKey: 'pk_live_...' // Client key only
})

Authentication ​

API Keys ​

Key Types ​

Using API Keys ​

Key Prefixes ​

Security Best Practices ​