Publishable Keys

Use a workspace publishable key to send events from client-side code via the X-Meshes-Publishable-Key header.

A workspace publishable key is a client-safe key used to emit events into Meshes.

Use it when you need to send events from environments where you cannot keep secrets (browser apps, mobile apps, edge functions, untrusted clients).

Where to find your publishable key

In the Meshes dashboard, open the workspace and go to Workspace Settings. You’ll find the publishable key there.

How to authenticate

Include the key in the HTTP header:

X-Meshes-Publishable-Key: <WORKSPACE_PUBLISHABLE_KEY>

Which endpoints support publishable keys?

Only event ingestion endpoints accept the publishable key:

POST /api/v1/events
POST /api/v1/events/bulk

All other private management endpoints require server-side authentication (machine JWT).

Security notes

Publishable keys are intended to be exposed in client code, but you should still treat them as public identifiers (don’t embed them in places you can’t rotate).

Prefer server-side emission (machine JWT) if you need stricter control over who can send events.