Skip to main content

Create via dashboard

Integrations → API Clients → Create
name
string
required
Label for your integration (e.g. “Production website”).
environment
PRODUCTION | SANDBOX
required
Sandbox returns synthetic data; production returns live reviews.
allowedOrigins
string[]
required
Browser origins allowed to use the publishable key, e.g. https://www.example.com.

Create via API

curl -X POST https://api.ethioreview.com/api/v1/api-clients \
  -H "Authorization: Bearer <session-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "organizationProfileId": "org_abc",
    "name": "Production website",
    "environment": "PRODUCTION",
    "allowedOrigins": ["https://www.example.com"]
  }'
Response includes publishableKey, clientId, and secret (once).

Key usage matrix

KeyHeaderWhere
pk_live_* / pk_test_*X-Widget-KeyBrowser widget, iframe
sk_live_* / sk_test_*Authorization: Bearer ...Your server

Security

  • Rotate compromised secrets: POST /api/v1/api-clients/{id}/rotate-secret
  • Revoke unused clients: POST /api/v1/api-clients/{id}/revoke
  • hashedSecret is never returned after create
Sandbox testing →