Your site token is included in server-side API calls.
Your site token is also used to build your custom Uthentic script. You'll need to include this script on every page of your website. Uthentic includes settings, and automatically initializes everything for you inside this script. Make sure you link directly to this script rather than downloading it and hosting it yourself.
<!-- Uthentic script for your website --> <script src="https://uthentic.net/%site_token%/uthentic.js"></script>
You'll use your Secret Key when communicating with Uthentic server-to-server. Never reveal this to anyone. Do not include or reference this in any way inside client-side scripts. Do not send this token to client via api call. If you are using Uthentic for a serverless web app, you should never use this secret key in your web app.
On each secure, server-side api call, you'll authenticate with the following http header:
x-secret-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x-app-id: xxxxxxxx
For more info on how to use your secret key, check out our docs.