# API Keys

> Learn how to manage and use API keys within ReDem.

API keys let you call the ReDem API from your own systems. When you create a key, you choose a **permission level** that defines which endpoints it may call.

## Permission levels

You create keys with one of two permission levels:

| Level       | Where to use it                                                                                               | What it can call            |
| ----------- | ------------------------------------------------------------------------------------------------------------- | --------------------------- |
| **Private** | Backend servers, secure automation, and integrations where the key never reaches a browser or end-user device | **All** ReDem API endpoints |
| **Public**  | Browser, mobile app, or any client-side integration where the key **must** be present on the device           | **`addRespondent` only**    |

Use a **public** key when your integration cannot keep the key on a server—for example, a script or app that runs directly in the respondent’s browser or on their phone and submits data via `addRespondent`.

Use a **private** key whenever the request originates from infrastructure you control (your backend, server-side survey tools, ETL jobs, etc.). Private keys unlock the full API (surveys, configuration, retrieval, and `addRespondent`).

<Warning>
  **Private API keys must never** be embedded in frontend code, shipped in mobile apps, checked into repositories, or shared with third parties. If a private key is exposed—whether in logs, client bundles, or elsewhere—**delete that key immediately** in ReDem and **create a new private key**. Treat a leaked private key as compromised.
</Warning>

Public keys are designed to be visible on the client; they still authenticate your company and are subject to rate limits, but they **cannot** call endpoints other than `addRespondent`. Any other route requires a private key.

In the [API reference](/api-reference/intro/introduction), each operation’s request body schema includes an **Authentication** note stating whether a **private** or **public** key is allowed.

## Create API Key

You can create an API key by following these steps:

<Info>To create an API Key, you'll need a ReDem account. Don’t have an account yet? <br />Get started by [setting up your account](/account-setup).</Info>

<Steps titleSize="h3">
  <Step title="Navigate to manage API Keys">
    <p> Once you are logged in to the [ReDem Application](https://app.redem.io/), navigate to the API Keys section in your profile. </p>
  </Step>

  <Step title="Create an API Key">
    Click on the "Create API Key" button to generate a new key.

    Give your API key a clear, descriptive name so you can identify its purpose later, and choose **Private (server-side)** or **Public (browser / client)** according to [permission levels](#permission-levels) above.

    Once you’ve created an API key, copy it and store it somewhere safe. You will not be able to see it again after you leave the screen.
  </Step>

  <Step title="Go and connect with ReDem 🚀">
    <p>Send the key in the <code>api-key</code> header on requests your integration is allowed to make (see your key’s permission level).</p>

    ```http
    api-key: your_api_key_xxx
    ```

    <p>For submitting respondents from the client, use a public key with the <a href="/api-reference/endpoints/v3/addRespondent">addRespondent</a> endpoint. For all other API calls, use a private key from your backend.</p>
  </Step>
</Steps>

**Best practices for API key management:**

* Use separate keys for testing and live surveys.
* Prefer a **private** key for server-side integrations; use a **public** key only when the key must live on the client.
* If any key is compromised or exposed inappropriately, delete it immediately and generate a new one.

## Rate limits

All API requests authenticated with `api-key` are subject to per-key rate limiting.

* `addRespondent`:
  * Standard API keys: 1200 requests per minute
  * Premium API keys (configured per client): up to 1600 requests per minute
* Other endpoints:
  * 1200 requests per minute

If you exceed the limit, you will receive a `429` response:

```json
{
  "error": "rate_limit_exceeded",
  "message": "This API key exceeded 1200 requests per minute.",
  "statusCode": 429
}
```
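
As an added example (not ReDem's own code): a backend caller that reads the private key from the environment, sends it in the `api-key` header, and backs off when it receives the `429` response shown above. `BASE_URL`, the `REDEM_PRIVATE_API_KEY` variable name, the POST method, and the JSON request body are assumptions; take the real values from the API reference.

```python
import json
import os
import time
import urllib.error
import urllib.request

# Assumption: placeholder host; take the real base URL from the ReDem API reference.
BASE_URL = "https://redem-api.example.invalid"


def load_private_key(env=os.environ):
    """Read the private key from the environment, never from source or a client bundle."""
    key = env.get("REDEM_PRIVATE_API_KEY", "")  # hypothetical variable name
    if not key:
        raise RuntimeError("REDEM_PRIVATE_API_KEY is not set")
    return key


def http_send(path, payload, api_key):
    """Send JSON with the api-key header (POST + JSON body are assumptions)."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(payload).encode(),
        headers={"api-key": api_key, "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def call_with_backoff(path, payload, api_key, send=http_send,
                      sleep=time.sleep, max_attempts=5, base_delay=1.0):
    """Retry only on the documented 429 rate_limit_exceeded response."""
    for attempt in range(max_attempts):
        status, body = send(path, payload, api_key)
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            # Limits are per minute, so no single wait exceeds 60 s.
            sleep(min(base_delay * 2 ** attempt, 60.0))
    # The key is deliberately left out of the error so it cannot reach logs.
    raise RuntimeError(f"rate limited after {max_attempts} attempts: {body.get('message')}")
```

The `send` and `sleep` parameters exist so the retry path can be exercised offline with a stubbed transport.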
