Skip to main content

Keys

All Environments within a Project have their own set of keys. For more information about Environments, please read here.


Types of Keys

SDK Keys

SDK Keys are used to authenticate an SDK with DevCycle.

SDK keys are separated into Server, Mobile and Client due to the unique security requirements and constraints of each platform.

Features can also be targeted to a specific type of SDK using SDK Visibility

Server Keys

All the DevCycle Server-side SDKs should be initialized with the environment's Server-side SDK key. This SDK key provides read-only access of the features on your DevCycle environment. This key is used for SDKs which currently make continuous calls to the DevCycle APIs for each SDK interaction per user. It also has access to the full project configuration data, which is used for local bucketing SDKs.

The Server-side SDK key must be kept secret, as it has access to the full configuration data of your project. Never include this key in a client-side application. Doing so risks exposing it to end-users via mobile app unpacking or browser network inspection.

Client Key

All the DevCycle Client-side SDKs (non-mobile) should be initialized with the environment's Client-side SDK key. This SDK key provides read-only access to the features accessible by a given user on your DevCycle environment. Specifically, it grants access to the DevCycle SDK API, which returns user-customized configurations including feature information which they are permitted to access.

Mobile Keys

All the DevCycle Mobile SDKs should be initialized with the environment's Mobile SDK key. This SDK key provides read-only access to the features accessible by a given user on your DevCycle environment. Specifically, it grants access to the DevCycle SDK API, which returns user-customized configurations including feature information which they are permitted to access.

This key is separate from the standard SDK keys due to the differing security requirements of client-side (eg. browser) and mobile use cases. Separation allows one key to be rotated without affecting the other.

Management API Key

This key is required to interact with the DevCycle Management API.


Managing Keys

Client, Mobile and Server Keys

To find your keys for use within the various SDKs, click the "key" icon in the top right of the dashboard header.

Each environment listed has three different keys:

  • Client SDK keys
  • Server SDK keys
  • Mobile SDK keys

To reveal these keys, click the "Show Keys" button on the top of the page.

Management API Key

To access the Management API, first navigate to the Settings page by clicking the "gear" icon in the dashboard header.

Scroll to the "API Authentication" section. The Client ID and Secret for use with the OAuth flow on the Management API will be listed here.

Note: Due to the fact that the Management API can read and modify all aspects of your DevCycle projects, DO NOT share this key or deploy any client-side code containing this key.