The Secret Access Key or
sak_and the Public Access Key or
pak_have distinct permission roles to accommodate many Lightning Network use cases client side and server side.
Secret Access Key: The
sak_ is intended to be used SERVER SIDE only, and is meant to be as secret as secret keys can get. This key has permission to perform ALL requests across the API.
Public Access Key: The
pak_ is intended to be used CLIENT SIDE only, and is intended to be paired with a Wallet Access Key (
pak_ is essentially serves as an account identifier, while the Wallet Access Keys provide a level of control over wallets. This dynamic is helpful for when you want to have wallets perform certain functions client side, but do not want to expose your entire LNPay account.
The Public Access Key cannot perform any LIST functions (list wallets, list transactions).
Each wallet has role-based permissioned access keys associated with it. The keys are generated on wallet create via the API or dashboard. They are only available via the API in the response from wallet create, and cannot be retrieved later via the API.
The purpose of these keys are to restrict use with client side applications. Browser side, in mobile apps, consumer hardware, etc.
Wallet LNURL Withdraw
This key is used in public LNURL links