There are several different kinds of keys and tokens across Amplitude's products. This guide walks through what each is for, the basics you need to know about using them, and how to find them.
This table gives a brief overview of each kind of key.
Product | Key | Public | Can it be rotated? |
---|---|---|---|
Analytics | Project API Key | ✅ | ✅ |
Analytics | Project Secret Key | ❌ | ✅ |
Experiment | Deployment Key (client-side) | ✅ | ✅ |
Experiment | Deployment Key (server-side) | ❌ | ✅ |
Experiment | Management API Key | ❌ | ✅ |
Data | API Token | ❌ | ✅ |
Other | SCIM Key | ❌ | ✅ |
Other | Org-level keys | ❌ | Contact Support |
Analytics keys are automatically created for each project, and can only be used to manipulate data within the project the key belongs to.
To view your project's API Key and Secret Key, see Authentication.
To ingest data from browsers and mobile applications, Amplitude must be able to identify which project the requests should go to. Amplitude does this with API Keys that's associated with a single project.
Files sent to a browser and code distributed as part of a mobile app are shared with end users, so the API Keys can't be truly secret.
Because there's no way to keep the API Keys secret, the scope of what the keys can be used for is limited to the bare minimum needed to ingest data into Amplitude. This isn't unique to Amplitude: all services that support ingesting data from browsers or mobile apps have a similar key, though what they call it may vary.
Projects can have multiple Secret Keys. These are used in conjunction with the project API Key to manage your account.
Use API Tokens to authenticate to Amplitude Data without logging in with your email address and a password. Tokens authorize applications to enjoy the same roles and permissions granted to you when you log in directly.
You can create and revoke these as needed by navigating to Data > Settings > API Tokens.
When you create a deployment, Experiment creates a key for that deployment. Whether the key is public or private depends on whether the deployment is client-side or server-side.
client-
. Because this key is already public, you don't have to worry about it being compromised.
server-
. If a server-side key is compromised, create a new deployment key, replace the old key with the new key on all flags and experiments, and delete the old key.Manage your Deployment keys in Experiment > Deployments.
Management API keys are used to authenticate requests made to manage flags and experiments. These keys are different from the deployment keys used to fetch flag variants.
Create and manage these keys via the Management API link in the Experiment sidebar.
Some APIs require an org-level API Key and Secret Key. You must request these from Amplitude Support.
The SCIM key is used with the SCIM API. SCIM features are available in accounts with an Enterprise plan.
See Set up SCIM provisioning in Amplitude for more information.
June 10th, 2024
Need help? Contact Support
Visit Amplitude.com
Have a look at the Amplitude Blog
Learn more at Amplitude Academy
© 2025 Amplitude, Inc. All rights reserved. Amplitude is a registered trademark of Amplitude, Inc.