Skip to Content
FeaturesAPI Keys

API Keys

API keys authenticate your game and your backend with Gamebeast. Every request to the Gamebeast API — whether it comes from the in-game SDK or from one of your own servers — is authenticated with a key.

Gamebeast has two types of API keys. Which one you use depends on where the key runs:

SDK KeysServer Keys
Also known asPublic keysPrivate (secret) keys
Where it runsInside your game, via the Gamebeast SDKOn your own servers / backend
Safe to ship in game code?YesNo — keep it secret
ScopeA single projectYour whole organization, or a chosen subset of projects
Typical useSending markers, fetching configs, experiments, cohorts, heatmapsQuerying analytics, automating GDPR requests, server-to-server

SDK Keys (public)

SDK Keys are public keys built for the Gamebeast SDK running inside your game. Because they ship inside your game client, they’re designed to be safe to embed and are limited to what the SDK needs to do:

  • Send engagement markers and other ingestion data
  • Read remote configurations
  • Read and assign experiments
  • Read user cohorts
  • Create and read heatmaps

Each SDK Key is scoped to a single project. This is the key you paste into Gamebeast:Setup({ key = "..." }) (Roblox) or GamebeastSdk.Init("...") (Unity) — see the Roblox and Unity installation guides.

SDK Keys cannot read analytics, query your data, or submit GDPR deletion requests — those are reserved for Server Keys.

Server Keys (private)

Server Keys are private keys for server-to-server use: your own backend, data pipelines, or internal tools. Never embed a Server Key in client code or commit it to a public repository. If a Server Key is ever exposed, rotate it immediately.

A Server Key can do everything an SDK Key can, plus the server-side operations:

  • Run analytics, funnel, retention, and heatmap queries
  • Read marker metadata through the Query Builder
  • Submit GDPR deletion requests

A Server Key is scoped to your organization rather than a single project. You can grant it access to all projects (including any project you add to the organization later) or restrict it to a specific set of projects.

Common settings

Both key types share the same controls when you create one in the dashboard :

  • Environments — scope a key to one or more environments. A key only works in the environments you select.
  • Permissions — grant only the permissions a key needs. SDK Keys are limited to the SDK-safe permissions listed above; Server Keys can be granted the full set.
  • Expiration — optionally have a key expire after 30, 60, or 90 days, after a year, or set it to never expire.
  • Rotation — generate a fresh secret for an existing key without changing its other settings. The previous secret stops working once rotation completes.

A key’s secret is shown only once, right after you create or rotate it. Copy it somewhere safe — you won’t be able to view it again. If you lose it, rotate the key to generate a new secret.

Which key should I use?

  • Building or shipping a game with the Gamebeast SDK? Use an SDK Key.
  • Calling the Gamebeast API from your own server, querying analytics, or automating data requests? Use a Server Key.
User ManagementData Management