Posted by & filed under Web API.

Mattieu Gamach lays it out nicely here.

Application ID: This is the main identifier that uniquely specifies your application. This is paired with one of the keys below to provide your clients access to your application’s data.


Client Key: This key should be used in consumer clients, like the iOS or Android SDK. It adheres to object level permissions. If your app has client push enabled, it can be used to send push notifications from the iOS and Android SDKs.


JavaScript Key: This key should be used in JavaScript SDK applications. It also adheres to object level permissions.


Windows Key: This key should be used in the Windows 8 and Windows Phone 8 SDK. It adheres to object level permissions. It cannot be used to send push notifications to iOS and Android devices.


REST API Key: This key should be used when making requests to the REST API. It also adheres to object level permissions.


Master Key: This key is only allowed to access the REST API and does not adhere to object level permissions. This is equivalent to admin level access and should be kept secret.


You’ll find all these keys on the dashboard page of your app.