Secured

SDK Access Tokens

Create the required browser SDK access token before initializing PrivacyClient.

Browser SDK initialization requires an SDK access token. Creating one requires the Pro plan. Create the token in the Secured platform before shipping @secured-ai/core or @secured-ai/react to users.

An SDK access token is different from an AI provider API key. It only gates SDK initialization for browser origins you allow; it does not authorize chat, vault, billing, user, organization, or provider-key APIs.

1. Create a token

  1. Open the Secured platform.
  2. Go to Settings.
  3. Open SDK Access Tokens.
  4. Confirm the signed-in user is on the Pro plan.
  5. Click Create token.
  6. Enter a name such as Production browser SDK.
  7. Add each allowed origin one at a time.
  8. Copy the raw token when it is shown. It will not be shown again.

Use exact browser origins, including scheme and port when needed:

https://app.example.com
http://localhost:5173

2. Configure allowed origins

Each token is restricted to the origins you add. Browser initialization succeeds only when the request comes from an allowed origin.

Supported origin formats:

| Format | Example | Notes |
|---|---|---|
| Exact origin | https://app.example.com | Matches scheme, hostname, and optional port |
| Wildcard subdomain | https://*.example.com | Matches https://dashboard.example.com, not https://example.com |
| Local development port wildcard | http://localhost:* | Supported for explicit local development only |
| Loopback port wildcard | http://127.0.0.1:* | Supported for explicit local development only |

Do not include paths, query strings, hashes, credentials, bare domains, wildcard schemes, unrestricted wildcards, or public-host wildcard ports.
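To check an allow list before entering it, the format rules above can be expressed as a small validator and matcher. This is an added example, not Secured's own code: the function names `parseAllowedOrigin` and `originAllowed` are hypothetical, and treating `*.` as exactly one subdomain label and folding default ports (80/443) are assumptions the page does not state.

```javascript
// Added example, not Secured's implementation. Function names are hypothetical.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1']);
const DEFAULT_PORT = { http: '80', https: '443' };

// Parse one allow-list entry; return null if it breaks a documented rule.
function parseAllowedOrigin(entry) {
  // Scheme must be literal http/https; host may not contain / ? # @ or :
  // so paths, queries, hashes, credentials and bare domains all fail here.
  const m = /^(https?):\/\/([^\/?#@:]+)(?::(\*|\d{1,5}))?$/.exec(entry);
  if (!m) return null;
  const scheme = m[1];
  const host = m[2].toLowerCase();
  let port = m[3] ?? '';
  if (port === DEFAULT_PORT[scheme]) port = ''; // browsers omit default ports
  const wildcardSub = host.startsWith('*.');
  const base = wildcardSub ? host.slice(2) : host;
  if (base === '' || base.includes('*')) return null; // unrestricted wildcard
  if (port === '*' && !LOCAL_HOSTS.has(host)) return null; // public-host wildcard port
  return { scheme, base, wildcardSub, port };
}

// True when requestOrigin (the value of the Origin header) matches any entry.
function originAllowed(requestOrigin, allowList) {
  let u;
  try { u = new URL(requestOrigin); } catch { return false; } // e.g. "null"
  if (u.origin !== requestOrigin) return false; // must be a bare origin
  const scheme = u.protocol.slice(0, -1);
  return allowList.some((entry) => {
    const a = parseAllowedOrigin(entry);
    if (!a || a.scheme !== scheme) return false;
    if (a.port !== '*' && a.port !== u.port) return false;
    if (!a.wildcardSub) return a.base === u.hostname;
    // Assumption: "*." stands for exactly one label, never the apex domain.
    const label = u.hostname.slice(0, -(a.base.length + 1));
    return u.hostname.endsWith('.' + a.base) && label !== '' && !label.includes('.');
  });
}

// Constructed sample allow list and request origins.
const allowList = ['https://app.example.com', 'https://*.example.com', 'http://localhost:*'];
for (const o of ['https://dashboard.example.com', 'https://example.com', 'http://localhost:5173']) {
  console.log(o, originAllowed(o, allowList));
}
```

Entries that `parseAllowedOrigin` rejects never match anything, so a malformed entry fails closed instead of widening the allow list.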

3. Initialize the SDK

Pass both baseUrl and sdkAccessToken when constructing PrivacyClient in browser code.

import { PrivacyClient } from '@secured-ai/core'

const client = new PrivacyClient({
  baseUrl: 'https://dev-api.securedai.com',
  sdkAccessToken: import.meta.env.VITE_SECURED_SDK_ACCESS_TOKEN,
})

await client.initialize()

initialize() verifies the token before starting detection engines, workers, model downloads, or vault setup.

4. Rotate or revoke tokens

You can edit a token's name and allowed origins from Settings > SDK Access Tokens. Revoke a token when an environment is retired or a token is exposed. Revoked tokens fail initialization immediately.

SDK access tokens are safe to ship in frontend code only because they are origin-restricted. Treat them as publishable SDK credentials, not as backend secrets.
