Keys

Publishable keys identify client context. Secret keys authenticate server-side event ingestion and evaluation.

Publishable key

A publishable key can be used by browser or client-side code to identify the TxnShield environment and carry continuity context. It is not a credential for privileged writes.

Use it when browser context, device continuity, or client-visible setup needs to connect to the same environment as the server.

Secret key

A secret key is a server credential. It authenticates event ingestion and should be used only by trusted backend code, workers, or server-side functions.

Rotate secret keys when a developer leaves, a deployment system changes, or you suspect accidental exposure.

Common mistakes

Using a production secret key in local development.
Putting a secret key into a browser bundle.
Creating events with keys from one environment while viewing another environment.
Revoking a key before the new key is deployed everywhere.

Next steps

Keep going

Express / Node integration Troubleshooting