Split requires users to authenticate API requests by providing a key.

In Split there are three types of keys:

  • SDK - recommended to be used with SDKs that live in your infrastructure (for example your servers)

  • Browser - a subtype of SDK keys for SDKs living in public environments (e.g. browsers or mobile clients)

  • Admin - used for access to Split developer APIs.

Keep your SDK and Admin keys private

Admin and SDK keys should never be exposed in untrusted contexts. Do not put your SDK or Admin API keys in client-side JavaScript or mobile SDKs. Split has special Browser keys you can use in client-side Javascript, Android and/or iOS.

If you accidentally expose your API key, you can reset it in the APIs tab in Organization Settings.