API keys overview

Use these endpoints to create or delete an API key.

When creating an API key, the key itself is returned in the response body.

❗️

Keep your server_side and admin keys private

Never expose admin and server_side API keys in untrusted contexts.

Do not put your admin or server_side API keys in client-side JavaScript or mobile SDKs. Split has special client_side API keys that you can use in JavaScript, Android, and iOS.

If you accidentally expose your API key, revoke it in the APIs tab in Account settings or using the Delete an API key endpoint.

Be sure to copy your Admin API Key once it's generated. For security purposes, you won’t see the key again.

API key types

There are three types of keys that can be created:

  • admin API keys are used for access to the Split Admin API endpoints.
  • server_side API keys are recommended to use with SDKs that live in your infrastructure (for example, your servers).
  • client_side API keys are for SDKs living in public environments (for example, browsers or mobile clients).

Admin API Key roles

Roles aim to limit the access and operations a key can perform within Split within two functional areas - Administrative Permissions and Resource (Feature Flag & Segment) Permissions.
Here is a brief overview of the new roles introduced that can be specified while creating an Admin API Key using Split API:

🚧

Important

  • Roles are not editable, once assigned, they cannot be changed.
  • A valid Admin API Key cannot create another Admin API key with more roles than it contains.
  • Roles can be combined.
RoleDescription
Administrative PermissionsAPI_ALL_GRANTEDA key with this role grants access to all of your Account's settings and resources via Split API.
This is the default role if none is specified.
Admin API Keys created before Aug 2023 are associated to this role.
API_APIKEYA key with this role allows the creation and deletion of other API Keys.
API_ADMINReduced Admin capabilities.
This role enables administration of the account via Split API. However, this role excludes permission to manage API Keys and the following resources: feature flags, segments, change requests, tags, and rollout statuses.
API_WORKSPACE_ADMINAdmin capabilities within a project (formerly known as workspace), similar to API_ADMIN, but excluding permission to manage users and groups.
Resource Permissions
Feature Flags
API_FEATURE_FLAG_VIEWERView-only access to feature flags including permission to view associated tags, change requests and rollout statuses.
API_FEATURE_FLAG_EDITORGrants access to all feature flag operations including operations related to associated tags, change requests and rollout statuses.
Resource Permissions
Segments
API_SEGMENT_VIEWERView-only access to segments including permission to view associated tags and change requests.
API_SEGMENT_EDITORGrants access to all segment operations including operations related to associated tags and change requests.

Admin API Key scopes

Admin API Keys can be scoped to different levels of access:

  • Global - access to all current and future resources across the org.
  • Workspace - access to all current and future resources across a single project (formerly known as workspace).
  • Environment - access to all current and future resources across the environments selected.