Secret Keys

The Secret Key grants full read and write access to your project's data. It must be kept secure.

Overview

While the Public API key is meant for client-side environments (browsers, mobile apps), the Secret Key is strictly for server-to-server communication. It provides highly privileged access to your Emp-Mix project.

🚨
Never expose your Secret Key
Do not hardcode your Secret Key into a frontend application or commit it to version control (like GitHub). Anyone with your Secret Key can download your entire database of raw events or delete users.

What is the Secret Key used for?

  • Data Export: Fetching raw JSON events via the /public/events REST endpoint.
  • Bulk Import: Importing historical data using the bulk tracking endpoint.
  • Admin User Operations: Hard deleting user profiles for GDPR compliance.

Authentication

When making requests to endpoints that require a Secret Key, pass it in the x-api-key HTTP header.

curl -X GET "https://api.empmix.com/public/events" \
  -H "x-api-key: YOUR_SECRET_KEY"

Key Rotation

If your Secret Key is compromised, you should revoke and regenerate it immediately in the Dashboard under Settings > API Keys.

Last updated on June 4, 2026