CloudSignal Docs
GuidesAPI Keys

API keys

Manage API keys for programmatic access to CloudSignal services.

API keys allow your applications to interact with CloudSignal services programmatically. Use them for server-side operations, automation, and integrations.

API keys are not the same as MQTT credentials:

TypeUsed for
API keyCloudSignal REST API and service endpoints
MQTT credentialMQTT broker connections (see Clients)

Guides

Key types

Understand publishable vs secret keys

Managing keys

Create, rotate, and revoke API keys

Quick overview

CloudSignal provides two types of API keys:

Key typePrefixUse caseSecurity
Publishablepk_Client-side code, browser appsLimited permissions, safe to expose
Secretsk_Server-side code onlyFull permissions, never expose

When to use API keys

Publishable keys (pk_)

ContextExample
Web applicationsReact, Vue, Angular
Mobile appsiOS, Android
Client-side codeBrowser-based scripts
Public API calls with limited scopeToken exchange initiation

Secret keys (sk_)

ContextExample
Server-side applicationsNode.js, Python, Go
Automation scriptsBackground jobs
CI/CD pipelinesDeployment workflows
Admin operationsOrg-wide management calls

Never expose secret keys in client-side code, version control, or public repositories.

Common use cases

Token exchange

Use API keys to exchange external identity provider tokens (Supabase, Firebase, Auth0) for MQTT credentials:

// Server-side only - uses secret key
const response = await fetch('https://api.cloudsignal.io/v2/tokens/exchange', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.CLOUDSIGNAL_SK}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    provider: 'supabase',
    token: supabaseAccessToken,
  }),
});

const { mqtt_username, mqtt_password } = await response.json();

REST bridge publishing

Publish MQTT messages via HTTP using the REST bridge:

// Can use a publishable key for client-side publishing
const response = await fetch('https://rest-publisher.cloudsignal.app/publish', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${publishableKey}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    topic: 'agents/agent-01/state',
    payload: { status: 'idle', load: 0.12 },
  }),
});

Next steps

Common ACL patterns

Ready-to-use ACL patterns for agents, real-time apps, and common use cases.

Key types

Understanding publishable and secret API keys in CloudSignal.

On this page

GuidesQuick overviewWhen to use API keysPublishable keys (pk_)Secret keys (sk_)Common use casesToken exchangeREST bridge publishingNext steps