Documentation
Product Analytics
Authentication

Authentication

Altertable Product Analytics uses API key authentication for both SDK and direct API access. Your API key authenticates requests and determines which organization's data is being tracked.

Getting Your API Key

API keys are managed in your Altertable organization settings. To find or generate an API key:

  1. Navigate to the Credentials page in the Altertable dashboard
  2. Go to the Events section
  3. Copy the API key

API keys are scoped to your organization and provide access to track events and identify users.

Using API Keys with SDKs

JavaScript SDK

import { altertable } from '@altertable/altertable-js';


// Initialize with your API key
altertable.init('YOUR_API_KEY');

React SDK

import { altertable } from '@altertable/altertable-js';


// Initialize before using the provider
altertable.init('YOUR_API_KEY');

Using API Keys with Direct API Calls

Include your API key in the Authorization header for all API requests:

curl -X POST https://api.altertable.ai/track \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"event": "Button Clicked"}'

Environment-Specific Configuration

Development vs Production

Use different API keys for different environments to keep data separate:

const apiKey = import.meta.env.PROD
  ? 'YOUR_PRODUCTION_API_KEY'
  : 'YOUR_DEVELOPMENT_API_KEY';


altertable.init(apiKey, {
  environment: import.meta.env.PROD ? 'production' : 'development',
});

Environment Variables

Store API keys in environment variables rather than hardcoding them.

Create a .env.local file in your project root:

VITE_ALTERTABLE_API_KEY=your_api_key_here;

Then, use the environment variable in your code:

altertable.init(import.meta.env.VITE_ALTERTABLE_API_KEY);

Security Best Practices

Client-Side Exposure

API keys used in SDKs are exposed in client-side code. This is expected and safe because:

  • API keys are scoped to tracking events only
  • They cannot be used to read or modify existing data
  • Rate limiting and monitoring protect against abuse

Server-Side Usage

For server-side tracking, keep API keys secure:

  • Store API keys in environment variables
  • Never commit API keys to version control
  • Use different keys for different environments

Next Steps

Crafted with <3 by former Algolia × Front × Sorare builders© 2025 AltertableTermsPrivacySecurityCookies