2025-08-01
Get a load of this (totally normalized) BS.
"We have just the offering for you! Visit our website. Create an account. Verify your email. Create a project. Add your credit card. Go to settings. Create an API key. Add it to your password manager. Drop it in your .env file. Download our SDK. Import it. Pass your env var in. Never share your API key. Make sure you never commit it to source control. On the client, we have a React SDK. Make sure you use your publishable key for that. For the server, download our admin SDK. Use your secret key. Never mix the two up.”
It’s truly wild to me what some of y’all will tolerate.
Making your own API key
Let me show you something… Did you know generating a JWK is stupidly easy?
import { generateKeyPair, exportJWK } from 'jose' const keyPair = await generateKeyPair ( 'ES256' , { extractable: true , }) const publicKeyJWK = await exportJWK (keyPair.publicKey) const privateKeyJWK = await exportJWK (keyPair.privateKey)
That’s it. Your JWK keypair is now effectively your own self-issued API key.
No need to visit a website, make an account, verify your email, create a project, go to settings, create an API key, or copy it and use it. You just generated your own.
How do we use this?
... continue reading