You can use Secret Keys to access any data for your application in YesGraph. This is bad when you have an insecure client (like a mobile or javascript app) where you need to embed keys in the client.

The solution is to generate Client Keys via the /client-key endpoint for each user. Then you can use the Client Key to get data in and out of YesGraph for just that user, without exposing any other data.

Run this call from a secure server. If you use Python, try our Python SDK. Once you have your Client Key, you can safely pass it to client-side Javascript, or a mobile device.

POST /client-key

Here’s how to get a client key for one of your users:

from yesgraph import YesGraphAPI

# Set your secret key and the user id.
# For signed-out users, use a random identifier like a session ID or device ID
api = YesGraphAPI("YOUR_SECRET_KEY")
client_key = api.get_client_key("CURRENT_USER_ID")
curl -X POST \
    -H 'Authorization: Bearer YOUR_SECRET_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"user_id": "1234"}' \
    https://api.yesgraph.com/v0/client-key