API key (sk_live_ vs pk_live_)
AIPricingLab apps have two key types. sk_live_… is a secret server-side key with full access. pk_live_… is a public client-side key that can ONLY read the calling user's own usage.
Last updated: 2026-05-10
Definition
Secret keys (sk_live_) are like Stripe's sk_live - server-only, can call every endpoint (track, reserve, commit, upsertSubscription, etc.). Public keys (pk_live_) are safe to ship in browser code; they can only call vevee.usage(userId) for the calling user, and reading any other user's data is rejected. Multiple keys per app are allowed for rotation; each is independently revocable.
Example
On the server: vevee = createClient({ apiKey: "sk_live_…" }). In the browser: vevee = createClient({ apiKey: "pk_live_…" }) - render the user's own remaining quota safely.
Related terms
End-user
The user of YOUR AI app - the one whose AI consumption you are metering. Distinct from "user" (a developer logged into AIPricingLab) and "workspace" (a developer organization).
GlossaryWebhook
A signed HTTP POST that AIPricingLab fires to your URL when something happens - a user crosses 80% of quota, a plan changes, a limit is hit. Idempotent, with replay.