Publishable keys

Dynamic embeds need a key that can be used in a browser. That is what publishable keys are for.

Create a key

bash
curl -X POST https://littledemo.com/api/v1/api-keys \  -H "Authorization: Bearer ld_live_xxx" \  -H "Content-Type: application/json" \  -d '{    "name": "Docs embed key",    "type": "publishable",    "project_id": "proj_abc123",    "allowed_domains": ["docs.example.com", "example.com"]  }'

The key is returned once:

json
{  "id": "key_abc123",  "key": "ld_pub_xxx",  "type": "publishable",  "project_id": "proj_abc123",  "allowed_domains": ["docs.example.com", "example.com"]}

Use it with the SDK

html
<script  src="https://littledemo.com/sdk.js"  data-littledemo-key="ld_pub_xxx"></script><div data-littledemo></div>

Allowed domains

Always set allowed domains for browser keys. This prevents a copied key from being useful on unrelated sites.

Use hostnames, not full URLs:

json
{  "allowed_domains": ["docs.example.com", "example.com"]}

When to rotate

Rotate a publishable key if it appears in the wrong repo, gets used from an unexpected origin, or should no longer generate demos for a project.