Authentication

API authentication methods and security guide

Authentication

Learn about 01.software API authentication methods and security settings.

API Key Types

Publishable Key (Public)

Used in the browser/client
For read-only operations
Used to identify the tenant
Prefix: pk01_

Secret Key (Private)

Used only in server environments
Enables all read/write operations
Used for JWT token generation

Do not include the Secret Key in client code or add the NEXT_PUBLIC_ prefix.

Environment Variables

.env.local

NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY=pk01_xxxxxxxxxxxxxxxx
SOFTWARE_SECRET_KEY=sk01_xxxxxxxxxxxxxxxx

SDK Setup

Authentication is handled automatically by the SDK. See Client Setup for full configuration options.

Permissions

Operation	Browser Client	Server Client
Read (find, findById)	O	O
Write (create, update, remove)	X	O
Orders/Payment API	X	O

Security Best Practices

Never expose the Secret Key to the browser or commit it to Git
Rotate keys regularly from the Console
Use HTTPS in production

Issuing API Keys

Log in to the 01.software Console
Navigate to tenant settings
Issue a new key in the API Keys section

Next Steps

Collections - Available collections
Error Handling - Handling authentication errors
REST API - REST API reference

Feature Setup

How to enable and configure features for your tenant before using the SDK.

Customers

Customer management, authentication, and address book

On this page

Authentication API Key Types Publishable Key (Public)Secret Key (Private)Environment Variables SDK Setup Permissions Security Best Practices Issuing API Keys Next Steps