# API Keys

Access to the Caisson ID Check API is controlled through a set of keys. Each key has a type that dictates its usage and privacy (remember to always keep your secret key SECRET !). Your API keys are available in the Caisson Dashboard, under the developer page.

# Public API keys

Public keys are meant solely to identify your account with Caisson and aren’t secret. They are safe for use on your website and apps, but they're only able to create ID Checks. You won't be able to retrieve any data from the Caisson API using your public key.

# Secret API keys

Secret API keys are only to be used on your own servers and must be kept confidential. You can perform any API request to Caisson without restriction with your secret API key. Keep this key safe and NEVER publish it to the web or in a mobile app. The secret keys are only to passed in the HTTP Authorization header over SSL to the Caisson API endpoint.

# Obtaining your API keys

Your API keys are available in the Caisson Dashboard, under the developer page. The public key is always visible, but you may need to confirm your password in order to view your secret key.

# Rotating your API keys

If at any point you need to invalidate one of your API keys (for instance, if you suspect it has been compromised) you can easily rotate it from the developer page: generate a new one, replace your old key in all your systems, and then deactivate your old key.