Key Concepts
Before diving deeper, here are the main concepts you’ll work with in Latch.
Publication
A publication is your workspace in Latch. Products, prices, customers, paywall rules, segments, API keys, and Stripe settings are all scoped to a publication.
Products and Prices
A product represents something you sell, such as Premium Access. A product can have multiple prices.
Product properties
| Property | Description |
|---|---|
| Name | Display name |
| Description | Optional internal description |
Price properties
| Property | Description |
|---|---|
| Interval | free, month, year, or lifetime |
| Amount | Price in cents |
| Currency | ISO currency code |
| Trial days | Optional free trial period |
If Stripe is configured, paid products and paid prices are synced there automatically.
Paywall Rules
A paywall rule defines when and how to gate content. Rules are evaluated in ascending priority order and the first matching rule wins.
Rule types
| Type | Behavior |
|---|---|
| Metered | Allow a limited number of free views, then gate |
| Hard | Always gate unless the user has a matching subscription |
| Registration | Require an identified userId but not a subscription |
| Soft | Grant access and return a paywall hint in the response |
Conditions
The current access engine evaluates these fields:
- url_pattern — operators: contains, matches, eq
- has_user — whether a userId is present
- segment_id — whether the reader belongs to a segment
Action
| Field | Description |
|---|---|
| productIds | Products that satisfy the rule |
| message | Paywall copy |
| meterLimit | Free-view limit for metered rules |
| template | modal, bottom-bar, or inline |
Customers
Customers are your readers. A customer has:
- email and optional name
- optional custom attributes
- zero or more subscriptions
- optional password for self-service authentication
Customers can be created manually in the dashboard, via the admin API, or via the customer auth endpoints (/api/v1/auth/customers/register). Checkout flows currently expect an existing customerId.
Customer Authentication
Customer auth is optional. When enabled, customers can register and log in with email and password on your publisher site.
- JWT access tokens (15-minute expiry) for stateless identity verification on access checks
- Opaque refresh tokens (30-day expiry) for renewing access tokens without re-entering credentials
- Refresh tokens are rotated on each use (old tokens are invalidated)
- The SDK handles token storage (localStorage), automatic refresh, and attaching the JWT to access checks
Authentication replaces the untrusted identify() / userId query parameter with a cryptographically verified identity.
Segments
Segments group customers by shared characteristics.
Example:
subscription_status = "active" AND visit_count >= 3
The current evaluator supports built-in fields such as subscription_status, visit_count, email, and any custom-attribute key stored on the customer.
API Keys
Publishable keys (pk_)
- safe to expose in browser code
- can check access, send events, and call customer auth routes
Secret keys (sk_)
- must stay server-side
- can look up subscriptions and create checkout or portal sessions
Access Check Flow
When a browser integration checks access:
- it sends the page URL plus identity fields to GET /api/v1/access/check
- the API authenticates the request with a publishable key
- the access engine looks up any matching entitlement for the userId
- rules are evaluated in priority order
- the first matching rule decides the response
- if nothing matches, access is granted
Current grant reasons are subscribed, free_content, metered_remaining, registered, and error_fallback.
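Because rules run in ascending priority, the first match wins, and an unmatched URL is granted, a broad rule can shadow a stricter one and any URL outside every pattern is open. The model below is an added example for auditing a rule set against that behavior, not Latch's code: the rule object shape and the `name`, `views`, and `subscriptions` fields are assumptions, and `segment_id` conditions are not modelled.

```javascript
// Added illustration: a model of the evaluation order described on this page, not Latch's
// implementation. Rule shape is assumed; field and operator names are the ones the page lists.
const OPS = {
  contains: (url, v) => url.includes(v),
  eq: (url, v) => url === v,
  matches: (url, v) => new RegExp(v).test(url),
};

function ruleMatches(rule, req) {
  return rule.conditions.every((c) => {
    if (c.field === "url_pattern") return OPS[c.op](req.url, c.value);
    if (c.field === "has_user") return Boolean(req.userId) === c.value;
    return false; // unknown field: treat the condition as not satisfied
  });
}

function decide(rule, req) {
  switch (rule.type) {
    case "soft": return true; // access granted, response carries only a paywall hint
    case "registration": return Boolean(req.userId);
    case "metered": return (req.views || 0) < rule.action.meterLimit;
    case "hard":
      return rule.action.productIds.some((p) => (req.subscriptions || []).includes(p));
    default: return false;
  }
}

// Ascending priority, first match wins, no match means access is granted.
function checkAccess(rules, req) {
  const ordered = [...rules].sort((a, b) => a.priority - b.priority);
  const rule = ordered.find((r) => ruleMatches(r, req));
  if (!rule) return { granted: true, decidedBy: null };
  return { granted: decide(rule, req), decidedBy: rule.name };
}

// Constructed rule set: the broad soft rule (priority 10) sorts ahead of the hard rule (20).
const rules = [
  { name: "premium-hard", priority: 20, type: "hard",
    conditions: [{ field: "url_pattern", op: "contains", value: "/premium/" }],
    action: { productIds: ["prod_premium"] } },
  { name: "site-soft", priority: 10, type: "soft",
    conditions: [{ field: "url_pattern", op: "matches", value: "^/" }],
    action: { productIds: ["prod_premium"] } },
];
const anon = { url: "/premium/report", userId: null };
const shadowed = checkAccess(rules, anon); // soft rule decides, hard rule never runs
const fixed = checkAccess(rules.map((r) => (r.priority === 20 ? { ...r, priority: 5 } : r)), anon);
const unmatched = checkAccess([rules[0]], { url: "/archive/2019", userId: null });
console.log(shadowed, fixed, unmatched);
```

Running a list of representative URLs through a model like this, and checking which rule decides each one, shows shadowed hard rules and ungated paths before readers find them.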