Publishable Keys

Publishable keys are safe to include in client-side code. They identify your organization but don’t grant access to data — that requires a session token.

Creating a Key


POST /api/embed/publishable-keys
Content-Type: application/json
 
{
  "name": "Production Frontend",
  "allowedOrigins": ["https://myapp.com"]
}

Using in Your Frontend


<script src="https://embed.orderly.dev/sdk.js"></script>
<script>
  Orderly.init({
    publishableKey: 'pk_live_...',
    sessionToken: '...', // obtained from your backend
  });
</script>

Key Rotation

Rotate keys without downtime:

Create a new publishable key
Update your frontend to use the new key
Delete the old key

Both keys work simultaneously during the transition.