When your code interacts with Rownd through an SDK, JavaScript code snippet, or directly with our REST API, you’ll need a set of credentials to authenticate your access to the Rownd platform. At Rownd, we call these “app keys” and “app secrets.” Every application provides a default app key, but you can create as many additional keys as you need.

The app key is a publishable value, meaning it isn’t intended to be private. You’ll use an app key in all of your user-facing code, such as React or Vue apps, websites, mobile apps, etc.

Each app key has an associated app secret that will be visible to you only once. App secrets are private values, meaning you should limit the number of people who have access to them. You should also take care to ensure they are not included in publicly visible configuration files, mobile app binaries, website deployments, and so on. They should exist only within your backend server environments or secrets manager.

You can revoke an app key and its associated secret at any time through the Rownd dashboard. Be careful, though! Revoking a key that’s still in use will likely result in downtime for your app. Ensure you generate new app keys and update your deployments with them before revoking existing keys.
What’s the difference?
App keys help identify your application, enable the retrieval of certain application metadata, and initiate authentication from web or mobile. App secrets authenticate machine-to-machine communication with Rownd to retrieve and update any user profile, generate sign-in (magic) links for any user, and support other more sensitive/restricted functions.

Working with app keys

From the Rownd dashboard, select the application for which you want to generate an app key, then select App keys from the side navigation.

Creating a new app key

Press the Add app key button on the top-right side of the screen. A new app key and secret are generated, then the Edit app key dialog is displayed, which contains the name of the app key, the key itself, and its associated secret. Be sure to copy and store the app secret in a safe location, since it will be shown only once! Opening the “edit app key” dialog again will show a masked version of the secret. You can rename the app key to something that makes sense to you, then press Save to save it.

Updating an app key

  1. Click on the three dots beneath the Action column on the right side of the app keys table.
  2. From the resulting menu, select Edit to modify the name of the key (the key and secret are immutable).
  3. Make the desired modifications and press Save to finish.

Deleting / revoking an app key

  1. Click on the three dots beneath the Action column on the right side of the app keys table.
  2. Press Delete to initiate the deletion process. A confirmation dialog will appear.
  3. Press Delete within the dialog to permanently revoke the key. It will immediately stop working.