The DevXP engineering team hosts office hours every Thursday at 11 a.m. Pacific Time where we answer your questions live and help you get up and running with Flatfile. Join us!

are isolated entities and are intended to be a safe place to create and test different configurations. Environments serve as self-contained, secure domains where diverse configurations can be created and tested. By default, a development and a production environment are set up.

falsedevelopmentUse this default environment, and it’s associated test API keys, as you build with Flatfile.
trueproductionWhen you’re ready to launch, create a new environment and swap out your keys.

The development environment does not count towards your paid credits.

Creating an Environment

Your publishableKey and secretKey are specific to an environment therefore to create a new Environment, you’ll have to use a personal access token.

  1. Open Settings
  2. Click to Personal Tokens
  3. You can use the key pair in there to create an access token like:
curl -X POST -H 'Content-Type: application/json' -d '{"clientId":"1234-1234", "secret":"1234-1234"}'
  1. The response will include an accessToken. You can present that as your Bearer token in place of the secretKey.

Create an environment

Guest Authentication

Environments support two types of guest authentication:

  1. magic_link: This method dispatches an email to your guests, which includes a magic link to facilitate login.
  2. shared_link: This method transforms the Space URL into a public one, typically used in conjunction with embedded Flatfile.

Additional Info

Should the guestAuthentication be left unspecified, both magic_link and shared_link types are enabled by default.

It’s important to note that guestAuthentication settings can be applied at both Environment and Space levels. However, in case of any conflicting settings, the authentication type set at the Space level will take precedence over the Environment level setting. This flexibility enables customization based on specific needs, ensuring the right balance of accessibility and security.

Secret and publishable keys

All Accounts have two key types for each environment. Learn when to use each type of key:

Secret keysk_23ghsyuyshs7dcrtyOn the server-side: Store this securely in your server-side code. Don’t expose this key in an application.
Publishable keypk_23ghsyuyshs7dcertOn the client-side: Can be publicly-accessible in your application’s client-side code. Use when embedding Flatfile.
The publishable key only has permissions to create a Space.