A publishable key is a client-side identifier that tells the auth service which application is making requests. Unlike secret keys, publishable keys are safe to include in frontend code because they identify but don't authenticate.
Publishable keys only identify your app — they can't authenticate users or access data. Even if someone copies your key, they can't impersonate users or access your organization.
In Next.js, set NEXT_PUBLIC_GITHAT_KEY in .env.local. In Vite, set VITE_GITHAT_PUBLISHABLE_KEY in .env. Then pass the value to the GitHatProvider config.
Sign up at githat.io, create an organization, go to the Apps page in your dashboard, and create a new app. Copy the publishable key (pk_live_...).
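Because Next.js inlines `NEXT_PUBLIC_*` variables and Vite exposes `VITE_*` variables to browser code, anything stored under those names ships to every visitor. The following pre-build check is an added example, not GitHat's own code: it flags a client-exposed credential variable whose value is not a publishable key. The function names are hypothetical, the rule that publishable keys start with `pk_` is an assumption drawn from the `pk_live_...` form above, and the sample values are constructed placeholders.

```javascript
// Added example: lint dotenv text so only publishable keys reach the browser bundle.
// Next.js inlines NEXT_PUBLIC_* and Vite exposes VITE_* variables to client code.
const CLIENT_PREFIXES = ["NEXT_PUBLIC_", "VITE_"];
// Assumption: every publishable key starts with "pk_", as in the page's "pk_live_...".
const PUBLISHABLE_PREFIX = "pk_";

// Minimal dotenv parser: KEY=value lines, optional "export", quotes, # comments.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    else value = value.replace(/\s+#.*$/, ""); // strip trailing comment
    vars[m[1]] = value;
  }
  return vars;
}

// Returns a list of findings; an empty list means no problem was detected.
function lintClientEnv(text) {
  const findings = [];
  for (const [name, value] of Object.entries(parseEnv(text))) {
    const exposed = CLIENT_PREFIXES.some((p) => name.startsWith(p));
    const looksLikeCredential = /KEY|SECRET|TOKEN/.test(name);
    if (exposed && looksLikeCredential && !value.startsWith(PUBLISHABLE_PREFIX)) {
      findings.push(`${name}: client-exposed, but value is not a ${PUBLISHABLE_PREFIX} key`);
    }
    if (!exposed && value.startsWith(PUBLISHABLE_PREFIX)) {
      findings.push(`${name}: publishable key is not visible to client code`);
    }
  }
  return findings;
}

// Constructed sample inputs (placeholder values, not real keys).
const GOOD_ENV = 'NEXT_PUBLIC_GITHAT_KEY=pk_live_EXAMPLE\nDATABASE_URL="postgres://localhost/app"\n';
const BAD_ENV = "VITE_GITHAT_PUBLISHABLE_KEY=EXAMPLE_SECRET_VALUE\nGITHAT_KEY=pk_live_EXAMPLE\n";

console.log(lintClientEnv(GOOD_ENV));
console.log(lintClientEnv(BAD_ENV));
```

Run it against the real `.env` or `.env.local` contents in CI and fail the build when the returned list is non-empty.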
Ship authenticated apps in minutes, not weeks.