API Keys
Latch uses a two-key model: one publishable key and one secret key.
Creating a key pair
Section titled “Creating a key pair”Go to Settings > API Keys and create a pair.
You receive:
- a publishable key (
pk_...) for browser-safe access checks, events, and customer auth - a secret key (
sk_...) for server-side subscription flows
Revocation
Section titled “Revocation”Keys are stored as separate records. Revoking a full pair means revoking both records.
What each key can do
Section titled “What each key can do”| Capability | Publishable (pk_) | Secret (sk_) |
|---|---|---|
| Check access | Yes | No |
| Send events | Yes | No |
| Customer auth | Yes | Yes |
| Lookup active subscription | No | Yes |
| Create checkout session | No | Yes |
| Create portal session | No | Yes |
Dashboard-admin CRUD routes currently use authenticated admin sessions, not API keys.