A Publishable Key is an API credential designed to be used safely in publicly accessible code, such as the JavaScript on a checkout page or within a mobile app’s frontend. Its primary function is to “tokenize” sensitive card data—turning card numbers into a secure token that can be sent to the backend—without exposing the ability to charge the card directly.
FAQs:
- Can I use my Publishable Key to create a charge?
No, the Publishable Key generally only has permission to create tokens or sources. You need the Secret Key to actually charge that token. - Is it okay if people see my Publishable Key?
Yes, it is designed to be public. However, you should still restrict which domains or apps can use it via your Stripe Dashboard settings. - Does the Publishable Key start with “pk_”?
Yes, standard Stripe Publishable Keys begin with pk_live_ or pk_test_.
Related Terms: