Security
API key handling for server, web, and mobile clients.
- Use environment-scoped SDK keys — never share Production keys with Development builds.
- Store keys in secret managers or environment variables, not source control.
- Avoid embedding Production keys in public client bundles when possible; prefer server-side evaluation or scoped keys.
- Rotate leaked keys immediately; use a dual-key window for zero-downtime rotation.
API: API Keys.