> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Get your keys in seconds and start building

API keys are required to authorize requests against the Crossmint APIs. By using an API key, Crossmint knows which project is making the call, and can deduct credits from your balance.

## Staging vs. Production Keys

First, determine if you need a staging (testing) or production API key.

<CardGroup cols={2}>
  <Card title="Staging API Keys" icon="flask-gear" href="https://staging.crossmint.com/console/projects/apiKeys">
    Generate API keys for testing in the staging developer console
  </Card>

  <Card title="Production API Keys" icon="bolt" href="https://www.crossmint.com/console/projects/apiKeys">
    Generate API keys for going live in the production developer console
  </Card>
</CardGroup>

## Server-side vs. Client-side Keys

Server-side API keys are used in server-to-server communications or in code running on a server. These keys are not exposed to the end users and can have broader permissions because they are considered more secure, being stored and used in controlled environments.

<Note>
  The majority of Crossmint APIs require a server-side API key. For a comprehensive list of APIs available refer to
  the [API Reference](/api-reference/introduction).
</Note>

Client-side API keys are used in code that runs on the client-side, such as in web browsers or mobile apps. These keys are exposed to the end user and are therefore less secure. They typically have more restrictive permissions to minimize security risks. When creating a client-side API key, you also need to configure authorized origins that are allowed to make calls to the endpoint.

<Check>
  Client-side keys are required for building with the [Wallets SDK](/sdk-reference/wallets/typescript/overview), Authentication, and [Headless Checkout](/payments/headless/overview).

  You can also perform some custodial wallet actions with these key types. Finally, the [Verifiable Credentials SDK](/verifiable-credentials/introduction) also offers some features via client-side keys.
</Check>

## More information

<CardGroup cols={2}>
  <Card title="Rate Limits" icon="ruler" href="/introduction/platform/api-keys/rate-limits">
    Information about standard rate limits and exceptions
  </Card>

  <Card title="API Scopes" icon="bullseye" href="/introduction/platform/api-keys/scopes">
    Complete list of available API scopes
  </Card>

  <Card title="Server-side Keys" icon="server" href="/introduction/platform/api-keys/server-side">
    How to create and use server-side API keys
  </Card>

  <Card title="Client-side Keys" icon="browser" href="/introduction/platform/api-keys/client-side">
    How to create and use client-side API keys
  </Card>
</CardGroup>