Core Concepts
Publishable keys
Browser SDK credentials (pk_live_…) — not operator sessions.
Publishable keys
What it is
A publishable key (pk_live_…) authenticates the browser SDK to load published consent config and post receipts.
Why it exists
Browsers need a non-operator credential. Operator session tokens must never ship to the public web.
How Erasure uses it
- Owner creates a key under Develop.
- Raw key shown once.
- Server stores a hash; lookup by hash.
- SDK sends
Authorization: Bearer pk_live_…. - Keys can be listed/revoked (Owner for create/revoke).
Draft consent is never returned to the SDK, even with a valid key.