ErasureDocs
Core Concepts

Publishable keys

Browser SDK credentials (pk_live_…) — not operator sessions.

Publishable keys

What it is

A publishable key (pk_live_…) authenticates the browser SDK to load published consent config and post receipts.

Why it exists

Browsers need a non-operator credential. Operator session tokens must never ship to the public web.

How Erasure uses it

  1. Owner creates a key under Develop.
  2. Raw key shown once.
  3. Server stores a hash; lookup by hash.
  4. SDK sends Authorization: Bearer pk_live_….
  5. Keys can be listed/revoked (Owner for create/revoke).

Draft consent is never returned to the SDK, even with a valid key.