The SDK & API Settings page is where you create, label, rotate, and revoke the API keys used for programmatic access to the PawPlacer public API. This lets you keep each integration isolated instead of sharing one secret everywhere.
Recommended path: For JavaScript and TypeScript projects, use the PawPlacer SDK. It wraps the full public API, adds typed responses and caching, and is the fastest way to integrate safely.
Overview
PawPlacer exposes both an official JavaScript SDK and a direct HTTP API for pets, adopters, fosters, adoption fees, and contracts. The SDK is the preferred path for JavaScript/TypeScript projects, while the HTTP API remains fully supported for direct integrations, other languages, and custom platform work. Both paths support the same operations:
- Retrieve pet, adopter, and foster data for display on external websites
- Automate data synchronization with other systems
- Create new pet profiles or adopter/foster records from external forms
- Fetch adoption fee rules and terms & conditions for your own application forms
- Build custom integrations and workflows
API Key Management
Create Your First Keys
Most teams should create at least two keys:
- A read key for websites, dashboards, and public listings
- A write key only for trusted backend jobs that create pets or people
When you create a key:
- Give it a specific name such as "Website sync" or "Nightly import"
- Choose the correct access level
- Copy the full secret immediately
- Store it in your password manager or server-side secret store
PawPlacer only shows the full secret once. After that, Settings shows only the preview and metadata for the key.
Read vs Write Access
- read keys can call all GET endpoints (pets, people, adoption fees, contracts, custom fields)
- write keys can call POST endpoints (POST /api/pets, POST /api/people) plus all read endpoints
- Write keys should stay limited to trusted server-side workloads
- Public websites should almost always use read keys
API Key Security
Each API key grants server-side access to the public API for your organization. Treat every key like a password:
- Never share your API key publicly
- Don't commit it to version control systems
- Don't include it in client-side code
- Store it securely and limit access to trusted team members
Rotation and Revocation
If one integration is compromised or no longer needed:
- Create a replacement key for that specific integration
- Update the external system to use the new key
- Revoke the old key in Settings
Because keys are scoped per integration, you do not need to rotate every other system at the same time.
What You Can See in Settings
The Settings page shows:
- Key name
- Access level (read or write)
- Status
- Secret preview
- Created time
- Last used time
Use this metadata to keep external systems documented and to identify keys that should be rotated or removed.
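One way to act on this metadata, as an added example (not PawPlacer code): the script below audits a key inventory copied by hand from the Settings page and flags keys to rotate or revoke. The record field names, the "active" and "revoked" status strings, and the 180-day and 30-day thresholds are assumptions.

```javascript
// Added example: audit a key inventory copied by hand from the Settings page.
// Field names, status strings and both thresholds are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const POLICY = { maxAgeDays: 180, maxIdleDays: 30 }; // assumed policy

function auditKeys(keys, now, policy = POLICY) {
  const findings = [];
  for (const key of keys) {
    if (key.status !== "active") continue; // already revoked: nothing to do
    const ageDays = (now - Date.parse(key.createdAt)) / DAY_MS;
    const reasons = [];
    if (key.lastUsedAt === null) {
      // A brand-new key gets a grace period before it counts as unused.
      if (ageDays > policy.maxIdleDays) reasons.push("never used");
    } else if ((now - Date.parse(key.lastUsedAt)) / DAY_MS > policy.maxIdleDays) {
      reasons.push("idle");
    }
    const unused = reasons.length > 0;
    if (ageDays > policy.maxAgeDays) reasons.push("past rotation age");
    if (reasons.length === 0) continue;
    // An unused key is revoked outright; a live but old key is rotated.
    findings.push({ name: key.name, access: key.access,
                    action: unused ? "revoke" : "rotate", reasons });
  }
  // Write keys can create records, so list them first (sort is stable).
  return findings.sort((a, b) => (b.access === "write") - (a.access === "write"));
}

// Constructed sample inventory, not real PawPlacer data.
const NOW = Date.parse("2025-09-01T00:00:00Z");
const inventory = [
  { name: "Website sync", access: "read", status: "active",
    createdAt: "2025-01-10T00:00:00Z", lastUsedAt: "2025-08-30T12:00:00Z" },
  { name: "Nightly import", access: "write", status: "active",
    createdAt: "2025-06-01T00:00:00Z", lastUsedAt: "2025-06-20T03:00:00Z" },
  { name: "Partner dashboard", access: "read", status: "active",
    createdAt: "2025-05-15T00:00:00Z", lastUsedAt: null },
  { name: "Old form handler", access: "write", status: "revoked",
    createdAt: "2024-03-01T00:00:00Z", lastUsedAt: "2024-12-01T00:00:00Z" },
  { name: "Kiosk", access: "read", status: "active",
    createdAt: "2025-08-20T00:00:00Z", lastUsedAt: "2025-08-31T09:00:00Z" },
];

for (const f of auditKeys(inventory, NOW)) {
  console.log(`${f.action.toUpperCase()} ${f.name} (${f.access}): ${f.reasons.join(", ")}`);
}
```

Pass the current time in as `now` so the audit is reproducible when run from a scheduled job.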
Prefer the SDK
The PawPlacer SDK should be your default choice for new development. It covers pets, people, adoption fees, and contracts with typed responses, smart caching, automatic retries, and idempotency for safe create operations.
Continue to store your SDK credentials securely and rotate them on the same cadence as API keys.
Direct HTTP API
The direct HTTP API remains available and supported. Use it when you are:
- Integrating from a non-JavaScript runtime
- Generating clients from the OpenAPI contract
- Building custom middleware, sync jobs, or partner tooling around raw HTTP
If you are already using the direct API successfully, you do not need to migrate immediately. For new JavaScript or TypeScript work, prefer the SDK.