Authentication

The Frame API uses secret API keys to authenticate server-side requests. You can create and manage these keys in the Frame Dashboard.

For server-side integrations, send your secret key in the Authorization header as a bearer token. Test mode keys start with sk_sandbox_ and live mode keys start with sk_production_. These keys grant broad access to your Frame account, so keep them secure and never expose them in client-side code, mobile apps, or public repositories.

For client-side integrations using Frame.js, you use publishable keys and server-generated tokens instead of secret keys. This allows sensitive payment data to flow directly from your user’s browser to Frame without passing through your servers.

All API requests must be made over HTTPS. Requests made over plain HTTP or without valid authentication will fail.