Skip to main content
A Bondify project is the top-level container for a single integration — one app, one environment, one set of credentials. Every API call you make is scoped to a project, so keeping things separated (for example, one project for your web app and another for your mobile app) gives you independent keys, analytics, and webhook endpoints with no cross-contamination.

What a project contains

Each project carries the following configuration and statistics fields:
FieldExample valuePurpose
Project ID (id)proj_xxxxxxxxIdentifies your project in client-side SDKs and API calls
Secret Key (secret_key)sk_live_...Signs and verifies proofs server-side — keep this private
Webhook URL (webhook_url)https://yourapp.com/webhooks/bondifyOptional endpoint that receives real-time auth events
Active (is_active)true / falseWhether the project is currently accepting authentication requests
Public access (public_access)true / falseControls whether the project accepts auth requests without an additional authentication header
Sessions count (sessions_count)142Total number of sessions created across the project’s lifetime
Confirmed count (confirmed_count)98Total number of sessions that reached confirmed status
Created at (created_at)2024-01-15T10:30:00ZISO 8601 timestamp of when the project was created
Your Secret Key (sk_live_...) must never leave your server. Do not include it in frontend code, mobile apps, or version control. If it is ever exposed, rotate it immediately from project settings.

How to create a project

1

Open the Projects tab

Log in to the Bondify dashboard and click Projects in the left sidebar.
2

Click Create project

Select Create project in the top-right corner to open the project creation modal.
3

Enter a name and optional webhook URL

Give your project a descriptive name (e.g., My App – Production). Optionally enter a Webhook URL if you want Bondify to push auth events to your server instead of polling.
4

Copy your Secret Key

After creation, the dashboard displays your Secret Key in full. Copy it immediately and store it in your secrets manager or environment variables. You can retrieve it again later via the Reveal button on the project detail page, but treat the key with the same care as a password.

How to find your keys

Open any project from the Projects list to reach the project detail page. You will see:
  • Project ID — displayed in full; safe to use in client code.
  • Secret Key — displayed masked (sk_live_••••••••). Click Reveal to see the full key, or copy it directly with the copy button.
If you closed the creation modal before copying the Secret Key, click Reveal on the project detail page to view it again at any time. The key remains retrievable until you rotate it — rotation immediately invalidates the previous key.

How to rotate the secret key

If your Secret Key is ever compromised — or you simply want to cycle it as a routine security measure — open the project detail page and click Regenerate key in the project settings panel.
Rotating the key immediately invalidates all previously issued proofs. Any in-flight proof verification using the old key will fail. After rotating, update the BONDIFY_SECRET_KEY environment variable on every server that calls verifyProof() before re-deploying.

Managing public access

The Public access toggle controls whether your project accepts auth requests that do not carry an additional authentication header. For most web integrations you can leave this enabled. For stricter server-to-server flows you may want to disable it and authenticate requests explicitly. You can toggle public access at any time from the project settings panel without rotating your key.
Create separate projects for your development and production environments. That way you can rotate keys, adjust webhook URLs, and tweak settings in development without affecting your live users — and vice versa.

Next steps

Authentication Flow

See how your project ID and secret key are used in the full auth flow.

Sessions

Learn what a session is and how to track its lifecycle.