# SDK Authentication

Endpoints for SDK authentication and token management

## Create public access token

 - [POST /public_token/create](https://docs.chicksx.com/apis/sdk-authentication/createpublictoken.md): Creates a public access token for SDK authentication. This endpoint must be called from your secure backend server using your merchant credentials.

The returned access token can be safely used in client-side applications to authenticate with the ChicksX SDK.

Session and order correlation: A sessionId is required and ties each public token to exactly one order. Once an order has been placed, the session expires and cannot be reused. If a user attempts to place another order within the same session, they will see a message indicating the session has expired and must restart the checkout process from your platform.

Security: Never expose your x-api-key or x-client-id in client-side code.

## Create public access token

 - [POST /public_token/create](https://docs.chicksx.com/apis/merchant/createpublictoken.md): Creates a public access token for SDK authentication. This endpoint must be called from your secure backend server using your merchant credentials.

The returned access token can be safely used in client-side applications to authenticate with the ChicksX SDK.

Session and order correlation: A sessionId is required and ties each public token to exactly one order. Once an order has been placed, the session expires and cannot be reused. If a user attempts to place another order within the same session, they will see a message indicating the session has expired and must restart the checkout process from your platform.

Security: Never expose your x-api-key or x-client-id in client-side code.