Authentication
Where keys are created
Section titled “Where keys are created”API keys are created in WODira under Organization profile → API. You must sign in as an organizer or as a member with permission to manage the organization.
- Open WODira and enter your organization dashboard.
- Go to Organization profile.
- Open the API tab. You can also use a route such as
/organizer/{organizationId}/profile?tab=api. - In New key, choose Secret key (backend) or Publishable key (frontend).
- Configure the name, scopes or allowed origins, then click Create key.
- Copy the full key when it appears. For security, it will not be shown again.
After creation, WODira only shows the prefix/last characters, type, permissions, last use, and actions such as revoke.
Secret keys
Section titled “Secret keys”Secret keys start with wd_live_... and are sent from backends:
curl -H "Authorization: Bearer wd_live_..." \ https://api.wodira.app/external/v1/organizer/events/searchx-api-key is also accepted.
Publishable keys
Section titled “Publishable keys”Publishable keys start with wpk_live_... and are sent from browsers:
x-publishable-key: wpk_live_...Origin: https://organizer.comThe backend requires Origin to match one of the key’s allowedOrigins.
- Never expose a secret key in public JavaScript.
- Publishable keys only work with browser endpoints.
successUrlandcancelUrlmust belong to an allowed origin.- Revoked or expired keys stop authenticating immediately.