RiftRift
Get API Key

Getting Started

Publishable Keys

Client-safe keys for SDK click tracking and attribution. Publishable keys (prefix pk_live_) are scoped to a verified domain and can only access attribution endpoints — safe to embed in web pages and mobile apps.

What are publishable keys?

Your API key (rl_live_) is a secret key for server-side use. It can create, update, and delete links. You should never expose it in client code.

Publishable keys (pk_live_) are designed for client-side use. They can only call the attribution endpoints:

  • POST /v1/attribution/click — record a click
  • POST /v1/attribution/report — report an install attribution

Each publishable key is bound to a verified custom domain. This scopes all lookups to your tenant.

Prerequisites

Before creating a publishable key, you need:

  1. An API key (Quick Start)
  2. A verified custom domain

Manage publishable keys

1

Create a publishable key

curl -X POST https://api.riftl.ink/v1/auth/publishable-keys \
  -H "Authorization: Bearer rl_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "go.yourcompany.com"}'

Response:

{
  "id": "6612...",
  "key": "pk_live_abc123...",
  "domain": "go.yourcompany.com",
  "created_at": "2026-03-26T12:00:00Z"
}
Important: The full key is only shown once at creation time. Save it immediately.
2

List publishable keys

curl https://api.riftl.ink/v1/auth/publishable-keys \
  -H "Authorization: Bearer rl_live_YOUR_KEY"

Response:

{
  "keys": [
    {
      "id": "6612...",
      "key_prefix": "pk_live_abc...",
      "domain": "go.yourcompany.com",
      "created_at": "2026-03-26T12:00:00Z"
    }
  ]
}
3

Revoke a publishable key

curl -X DELETE https://api.riftl.ink/v1/auth/publishable-keys/6612... \
  -H "Authorization: Bearer rl_live_YOUR_KEY"

Returns 204 No Content on success.

Where to use

Pass your publishable key when initializing the SDKs:

  • Web SDK: Rift.init("pk_live_YOUR_KEY") — see Web SDK docs
  • iOS SDK: RiftSdk(publishableKey: "pk_live_YOUR_KEY") — see iOS SDK docs
  • Android SDK: RiftSdk(publishableKey = "pk_live_YOUR_KEY") — see Android SDK docs
Note: Publishable keys are safe to embed in client-side code. They can only access the attribution endpoints and are scoped to your verified domain.