> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onchainsuite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Choose the right auth pattern for browser sessions, embedded builders, publishable keys, and server-to-server workflows.

## Overview

Onchain Suite supports different auth models depending on where the integration runs.

## Common Patterns

### Browser App

For same-site product experiences, the recommended pattern is an authenticated session with cookies enabled.

### Embedded Or Non-Browser Client

When a browser session is not available, a bearer token or session token can be used for the specific flow you are embedding.

### Publishable Keys

Publishable keys are designed for safe client-side flows such as wallet-first identity and in-app challenge or verification steps.

### Secret Keys

Secret keys are for server-to-server protocol operations such as secure dispatch or backend-only delivery workflows. They should never appear in client code.

## Practical Guidance

* Keep browser auth and protocol server auth separate.
* Store secret keys in server-side infrastructure only.
* Rotate secrets regularly and keep clear ownership for each active key.
* Scope requests to the correct organization or project context when required.
