API keys are meant for use in the client. They can only be used for POST requests and are only viable when made with a valid
internalId. Be sure to keep your
Only use your private key in your backend.
All get requests that return data must be made with a private key. Only use in your backend.
Since the sandbox key can only be used with test data, the same key can be used for public and private API calls.